Signing Microsoft Office 2k & XP VBA Macros with a Comodo
This document details the process needed to sign Microsoft Office 2000 & XP VBA macros with a Comodo Code-Signing certificate including a worked example. All web links are provided for illustration purposes only, and are correct at time of publishing. It is recommended that the user checks for any updates that may become available since the publishing of this document. Pre-requisites:
* Microsoft's tool to import PVK files:
Download the PVK import tool from Microsoft (pvkimprt.exe)
* Your code signing certificate from Comodo (as PVK and SPC files). Preperation:
Click to obtain your Code Signing Certificate from Comodo
1. Install pvkimport you downloaded from Microsoft. Remember the paths to where you installed it (c:\codesign\). You may also copy your certificate/key files to this directory (mycert.spc & mykey.pvk). 2. Open a command-prompt and change to the folder where you installed pvkimport. (c:\codesign\). 3. Combine your SPC and PVK certificate/key files that you received from Comodo into a PFX file using pvkimport: (c:\codesign> pvkimprt -import –pfx c:\codesign\mycert.spc c:\codesign\mycert.pvk) This will start a wizard. Choose options: Yes, Export the Private Key (check) Include all Certificates in Path if possible (check) Enable strong protection (uncheck) Delete the private key if export is successful (uncheck) Enter a password Choose a location (c:\firefoxext\mycert.pfx) Finish. 4. You can check the private key has been imported successfully by using MMC. Open MMC, select add/remove snap in and select certificates. Opening your code signing certificate should show code signing usage and that you have the private key. 5. Within your Office 2K document, open the Visual Basic editor from the Tools – Macro menu. 6. Open the VBA project you wish to sign, and select Digital Signature from the Tools menu. 7. Select Chose from the Digital Signature window and your code signing certificate that you wish to use to sign your VBA macro. 8. Click OK followed by Save, close to return to your Office document. Your macro is now digitally signed.
Please note to add a friendly name to the certificate before using the certificate. How can this be changed?
Friendly name within the MMC snap in window.
Click the Start Button then select Run and type mmc Click File and select Add/Remove Snap in Select Add, select Certificates from the Add Standalone Snap-in box and click Add Select Computer Account and click Finish (note: This step is very important. It must be the computer account and not the current user account) Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in Return to the MMC To modify the friendly name go to the Personal, certificates Select the code sign cert and right click Properties
You should now see the friendly name field which can be modified to suit your needs.