VBA signing Office 2K & XP VBA Macros

May 25, 2018 in Windows and Code Signing

Signing Microsoft Office 2K & XP VBA Macros with a Sectigo Code-Signing Certificate.


Prerequisites:

  • Microsoft's tool to import PVK files:


Download the PVK import tool from Microsoft (pvkimprt.exe)

  • Your code signing certificate from Sectigo (as PVK and SPC files).
  • If you do not have these files. Follow these directions here


Preparation:

Click to obtain your Code Signing Certificate from Sectigo

Procedure:

  1. Install pvkimport you downloaded from Microsoft. Remember the paths to where you installed it (c:\\codesign\\). You may also copy your certificate/key files to this directory (mycert.spc & mykey.pvk).
  2. Open a command-prompt and change to the folder where you installed pvkimport. (c:\\codesign\\).
  3. Combine your SPC and PVK certificate/key files that you received from Sectigo into a PFX file using pvkimport: (c:\\codesign> pvkimprt -import –pfx c:\\codesign\\mycert.spc c:\\codesign\\mycert.pvk)
    • This will start a wizard.
    • Choose options:
    • Yes, Export the Private Key (check)
    • Include all Certificates in Path if possible (check)
    • Enable strong protection (uncheck)
    • Delete the private key if export is successful (uncheck)
    • Enter a password
    • Choose a location (c:\\firefoxext\\mycert.pfx)
    • Finish.
  4. You can check the private key has been imported successfully by using MMC.
  5. Open MMC
  6. Select add/remove snap in and select certificates.
  7. Opening your code signing certificate should show code signing usage and that you have the private key.
  8. Within your Office 2K document, open the Visual Basic editor from the Tools – Macro menu.
  9. Open the VBA project you wish to sign, and select Digital Signature from the Tools menu.
  10. Select Chose from the Digital Signature window and your code signing certificate that you wish to use to sign your VBA macro.
  11. Click OK followed by Save
  12. Close to return to your Office document.
  13. Your macro is now digitally signed.



Please note: add a friendly name to the certificate before using the certificate.

How can I change the Friendly name within the MMC snap in window?

  1. Click the Start Button
  2. Select Run
  3. Type mmc
  4. Click File
  5. Select Add/Remove Snap in
  6. Select Add
  7. Select Certificates from the Add Standalone Snap-in box
  8. Click Add Select Computer Account
  9. Click Finish
    • (note: This step is very important. It must be the computer account and not the current user account)
  10. Close the Add Standalone Snap-in box
  11. Click OK in the Add/Remove Snap in
  12. Return to the MMC to modify the friendly name
  13. Go to the Personal certificates
  14. Select the code sign cert
  15. Right click Properties


You should now see the friendly name field which can be modified to suit your needs.