Signing Microsoft Office 2K & XP VBA Macros with a Sectigo Code-Signing Certificate.
Prerequisites:
- Microsoft's tool to import PVK files:
Download the PVK import tool from Microsoft (pvkimprt.exe)
- Your code signing certificate from Sectigo (as PVK and SPC files).
- If you do not have these files, follow these directions here
Preparation:
Click to obtain your Code Signing Certificate from Sectigo
Procedure:
- Install the pvkimprt tool you downloaded from Microsoft. Remember the path where you installed it (c:\codesign\). You may also copy your certificate/key files to this directory (mycert.spc & mykey.pvk).
- Open a command prompt and change to the folder where you installed pvkimprt (c:\codesign\).
- Combine the SPC and PVK certificate/key files that you received from Sectigo into a PFX file using pvkimprt: (c:\codesign> pvkimprt -import -pfx c:\codesign\mycert.spc c:\codesign\mykey.pvk)
- This will start a wizard.
- Choose options:
- Yes, Export the Private Key (check)
- Include all Certificates in Path if possible (check)
- Enable strong protection (uncheck)
- Delete the private key if export is successful (uncheck)
- Enter a password
- Choose a location (c:\firefoxext\mycert.pfx)
- Finish.
- You can check the private key has been imported successfully by using MMC.
- Open MMC
- Select Add/Remove Snap-in and select Certificates.
- Opening your code signing certificate should show code signing usage and that you have the private key.
- Within your Office 2K document, open the Visual Basic editor from the Tools – Macro menu.
- Open the VBA project you wish to sign, and select Digital Signature from the Tools menu.
- Select Choose from the Digital Signature window, then select the code signing certificate that you wish to use to sign your VBA macro.
- Click OK followed by Save
- Close to return to your Office document.
- Your macro is now digitally signed.
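The MMC check in the procedure above (code signing usage shown, private key present) can also be run against the exported PFX from PowerShell. This is an added example, not part of the original article; the default path C:\codesign\mycert.pfx and the function name Test-CodeSigningPfx are assumptions, so pass the location you chose in the wizard.

```powershell
# Added example, not from the original article. The default path is an assumption.
param([string]$PfxPath = 'C:\codesign\mycert.pfx')

$EkuExtensionOid = '2.5.29.37'          # Enhanced Key Usage extension
$CodeSigningOid  = '1.3.6.1.5.5.7.3.3'  # id-kp-codeSigning

function Test-CodeSigningPfx {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password
    )
    # Loads the PFX from disk; the certificate is not added to any certificate store.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path, $Password)

    # Decode the EKU extension explicitly so the check does not depend on
    # how the runtime typed the extension object.
    $usages = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext.Oid.Value -eq $EkuExtensionOid) {
            $eku = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension($ext, $ext.Critical)
            $usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }

    $now = Get-Date
    $result = [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        HasPrivateKey  = $cert.HasPrivateKey                 # MMC: "you have a private key"
        CodeSigningEku = ($usages -contains $CodeSigningOid) # MMC: "Code Signing" purpose
        InValidity     = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    }
    $cert.Reset()   # release the certificate and key handle
    $result
}

# Prompt for the password set in the export wizard; it is never echoed or stored.
$pw = Read-Host -AsSecureString 'PFX password'
$r  = Test-CodeSigningPfx -Path $PfxPath -Password $pw
$r | Format-List

if (-not ($r.HasPrivateKey -and $r.CodeSigningEku -and $r.InValidity)) {
    Write-Error 'PFX is not usable for signing: see the False fields above.'
    exit 1
}
```

A certificate with no Enhanced Key Usage extension at all is reported here as CodeSigningEku = False, because the check looks for the explicit code signing purpose.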
Please note: add a friendly name to the certificate before using the certificate.
How can I change the Friendly name within the MMC snap in window?
- Click the Start Button
- Select Run
- Type mmc
- Click File
- Select Add/Remove Snap in
- Select Add
- Select Certificates from the Add Standalone Snap-in box
- Click Add, then select Computer Account
- Click Finish
- (note: This step is very important. It must be the computer account and not the current user account)
- Close the Add Standalone Snap-in box
- Click OK in the Add/Remove Snap in
- Return to the MMC to modify the friendly name
- Go to the Personal certificates
- Select the code sign cert
- Right click Properties
You should now see the friendly name field which can be modified to suit your needs.