Home |
Search |
Today's Posts |
#1
Posted to microsoft.public.excel.misc,microsoft.public.excel.programming,microsoft.public.vb.bugs,microsoft.public.developer.outlook.addins,microsoft.public.office.developer.vba
|
|||
|
|||
Digital signature/certificate
"Unexperienced user" wrote in message ...
When trying to sign a macro project (with a valid certificate), I receive the following error message: "There was a problem with the digital certificate. The VBA project could not be signed. The signature will be discarded." I have created several other certificates using SelfCert but the problem persist. Any help? Thanks for you help! Sorry for the cross-posts, but this question seems to come up all over. Also, all my pictures got removed in the post, and the attachment is gone, but keep searching and you'll find the files (try Christian's page first) email me if you can't find them Here is the solution to the problem I was having: Problem: I had created a Digital Signature Certificate using the selfcert.exe utility provided with Office XP, and used it for several months. Then all of a sudden (the only thing I can imagine changed is I changed my Network password) I started getting a message that my Code could not be signed due to an error in the signature. msg: "There was a problem with the digital certificate. VBA project in the file 'XXX.doc' could not be signed. The signature will be discarded." After determining that reinstalling the Certificate wouldn't solve the problem, I tried to create a new certificate with selfcert.exe, which got me this error: "An error occurred during certificate creation. Selfcert was unable to create your certificate." Note: the solution below seems to solve the problem, even if you don't get this last message. SOLUTION: Searching around on the internet lead me to Christian d'Heureuse's article on creating exportable Certificates (http://www.source-code.biz/snippets/vbasic/3.htm). This article basically describes how to create a certificate using makecert.exe instead of selfcert.exe. I think the more important part to this is that it allows you to create a PKCS #12 certificate, which allows backups and private key exporting. I've attached a zip file with the three programs you will need (makecert.exe, cert2spc.exe, pvkimprt.exe) All of the programs and commands are ‘in DOS'. So open a DOS window and go to the directory where you saved the makecert, cert2spc and pvkimprt files to. First create an X.509 certificate using makecert.exe, this will create a certificate with a default 35 year life span Makecert –r –n "CN=Your Name" –sv CertFileName.pvk CertFileName.cer Whe -r specifies a self issued certificate -n Defines the Certs display name -sv Defines the private key output file name (don't use spaces) Do make note of the password used here, because you will need it again in the last step. Next create an PKCS #7 certificate from the *.cer file created above using cert2spc Cert2spc CertFileName.cer CertFileName.spc Last, create a PKCS #12 certificate from the *.spc file created above using pvkimprt. Though this program normally triggers the certificate import wizard, the –pfx option forces the export wizard instead. This export wizard uses the *.spc to create a *.pfx file that can be moved to any computer to become the signing certificate. Pvkimprt –pfx CertFileName.spc CertFileName.pvk Note: Export the file to CertFileName.pfx. Also, here is where you will need the password used to create the *.cer file. The password will be needed again when you import the certificate into the certificate store. Be sure to check the box to ‘export the private key' otherwise you will not get the *.pfx file output we are after, and you won't be able to sign code. Now that the certificate has been created, import the certificate into the certificate store on the computer that will do the signing. IMPORTANT: this PKCS #12 cert must be installed to the ‘Personal' store. This was the only location that would allow the cert to show up in the list on the module ‘Digital-Signature' selection window. And the only place it can be to actually perform ‘Signing' Click ‘Import…' Enter your password from the first step, also, check the box to ‘Mark this key as exportable.' This will allow you to move this certificate to another computer, though since we have already created the export *.pfx file, it's not really necessary (as long as this file is backed-up and handy.) Click ‘Next ' Make sure to select 'Place all certificates in the following store' and browse to 'Personal' Click ‘Next ' Click ‘Finish' As an additional note, as if you have control of this, the user needs to accept the default install location when they go to install the certificate when they open the file. This default location is the ‘Root' store, and if they install it to another location, they will continue to be asked to accept the certificate. This part applies to you as well, when you open the file for the first time. Further information can be found on each of the three files used here, at the Microsoft MSDN page, though their file versions available are old (unless you dig really deep). The file versions you will need (or newer) a MakeCert 5.131.3617.0 Cert2spc 5.131.1863.1 Pvkimprt 5.131.2014.1 Dan Guzman - Database Coordinator |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Current digital certificate | Excel Discussion (Misc queries) | |||
How to delete digital signature certificate? | Excel Discussion (Misc queries) | |||
Is there any way to delete a Digital Certificate | Excel Worksheet Functions | |||
Is it possible to move a Digital Certificate to another PC? | Excel Programming | |||
Where do I find my digital CERTIFICATE | Excel Programming |