I have obtained a Digital Code Signing certificate from Comodo (InstantSSL)
and installed it in my Certificate Store. It has a 1024 bit key using
Microsoft Enhanced Cryptographic Provider v1.0.

After opening my Excel spreadsheet I edit the macros (Alt-F11) click on the
project and select Tools|Digital Signatures.

From here Choose my certificate and click OK, this informs me that the VBA
project is currently signed by my company (viewing the cert shows it was
issued by Comodo).

Close the VBA editor and save the worksheet. In Excel 2002 the spreadsheet
closes without question. In Excel 2003 I receive the message

--------------------------------------------
There were problems with the digital certificate. The VBA project could not
be signed. The signature will be discarded.
--------------------------------------------

When I open either the 2002 or 2003 sheet, edit the VBA project and view the
digital certificate nothing is install and of course the spreadsheet
complains about the macros not being signed on medium & high security setting.

Whats going wrong here, it all worked well with the TEST self signed
certificate, I just now need to do the real thing.

--
Regards
Stephen Davies

I recently had this exact same error message with a self-cert
certificate that I've used in the past to sign add-ins for internal
company use. I'm planning on importing a backup copy of the
certificate, but I have not had the opportunity. I would greatly
appreciate any insight on the problem.

Dave

Hi Stephen,

I have not farmilar with Comodo (InstantSSL).

I think you may try to check what is install status of the certificate on
your machine.
You may open the Internet Explorer and following the steps below.
1. Navigate to Tools/Internet Options/Contect/Certificates
2. Select the Personal Tab
3. Select the imported certificate and double click it
4. In the following dialog, You may find the Purpose
5. In the bottom, is there a sentence about "You have a private key that
corresponds to the certificate"?

The private key is used to do the digital sign job.

If no,based on my experience, Verisign distribute their certificate as two
files(one is PVK file and the other is SFC.

If the the Comodo has the same distribution file form, you may try to use
the tool below to import the PVK file.

PVK Digital Certificate Files Importer
http://www.microsoft.com/downloads/d...C94-B129-46BC-
B240-414BDFF679A7&displaylang=EN

Hope this helps.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks Peter, the lack of the private key was the problem. pvkimprt.exe only
seemed to behave itself on the XP platform but no problem as I exported a
..pfx and installed on the 2000 machine without a problem.

With that problem out of the way, one thing that puzzles me is that I still
have to trust the certificate from the Trusted organization (always trust
this source) exactly the same as I have to with a self-signed certificate,
whats the benefit? I was hoping that since the macro was signed by an agency
such as Verisign, Thawte or Comodo that I would not be prompted at all on
medium or high macro security settings.

Oh well, thanks again for the assistance, you were right on the mark.

Regards
Stephen Davies


""Peter Huang"" wrote:

Hi Stephen,

I have not farmilar with Comodo (InstantSSL).

I think you may try to check what is install status of the certificate on
your machine.
You may open the Internet Explorer and following the steps below.
1. Navigate to Tools/Internet Options/Contect/Certificates
2. Select the Personal Tab
3. Select the imported certificate and double click it
4. In the following dialog, You may find the Purpose
5. In the bottom, is there a sentence about "You have a private key that
corresponds to the certificate"?

The private key is used to do the digital sign job.

If no,based on my experience, Verisign distribute their certificate as two
files(one is PVK file and the other is SFC.

If the the Comodo has the same distribution file form, you may try to use
the tool below to import the PVK file.

PVK Digital Certificate Files Importer
http://www.microsoft.com/downloads/d...C94-B129-46BC-
B240-414BDFF679A7&displaylang=EN

Hope this helps.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi

Do you mean after sign the code, you still can not run the macro?
Have you tried to add the CA publisher in the trusted publisher list.

Add a macro developer to the list of trusted publishers

If you haven't already done so, set the macro (macro: An action or a set of
actions you can use to automate tasks. Macros are recorded in the Visual
Basic for Applications programming language.) security level to Medium or
High.

How?

On the Tools menu, click Options.
Click the Security tab.
Under Macro Security, click Macro Security.
Click the Security Level tab, and then select the security level you want
to use.
Open the file or load the add-in (add-in: A supplemental program that adds
custom commands or custom features to Microsoft Office.) that contains
macros certified by the macro developer that you want to add to the list.
In the Security Warning box, select the Always trust macros from this
publisher check box.


Modify the list of trusted publishers for macros
http://office.microsoft.com/en-us/as...356731033.aspx

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

This just happened to me this morning Dave. A self-cert digital certificate
that was fine yesterday is now invalid.

Since moving to Office 2002 late last year I've found Word or Excel VBA
projects are very easily corrupted. They were solid as a rock in Office 97.

Ben

"Dave" wrote:

I recently had this exact same error message with a self-cert
certificate that I've used in the past to sign add-ins for internal
company use. I'm planning on importing a backup copy of the
certificate, but I have not had the opportunity. I would greatly
appreciate any insight on the problem.

Dave