Where to get the digital certificatesMicrosoft Office XP uses Microsoft Authenticode technology to enable you to digitally sign a file or a macro project by using a digital certificate. The certificate used to create this signature confirms that the macro or document originated from the signer, and the signature confirms that it has not been altered. When you set the macro security level, you can run macros based on whether they are digitally signed by a developer on your list of trusted sources.
Where to get the digital certificates
You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or from your internal security administrator or Information Technology (IT) professional. Or, you can create a digital signature yourself using the Selfcert.exe tool.
Note Because a digital certificate you create yourself isn't issued by a formal certification authority, macro projects signed by using such a certificate are referred to as self-signed projects. Certificates you create yourself are considered unauthenticated and will generate a warning in the Security Warning box if the security level is set to High or Medium. Depending on how Microsoft Office digital-signature features are being used in your organization, you might be prevented from using such a certificate, and other users might not be able to run self-signed macros for security reasons.
Commercial certification authorities
To obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., you or your organization must submit an application to that authority.
To learn more about certification authorities that offer services for Microsoft products, see the Microsoft Security Advisor Web site.
Note The hyperlink in this topic goes to the Web. You can switch back to Help at any time.
Depending on your status as a developer, you should apply for a Class 2 or Class 3 digital certificate for software publishers:
When you receive your digital certificate, you are given instructions on how to install it on the computer you use to sign your Microsoft Office solutions.
Internal certification authorities
Some organizations and corporations might have a security administrator or group act as their own certification authority and produce or distribute digital certificates by using tools such as Microsoft Certificate Server. Microsoft Certificate Server can function as a stand-alone certification authority or as part of an existing certification authority hierarchy. Depending on how Microsoft Office digital-signature features are used in your organization, you might be able to sign macro projects by using a digital certificate from your organization's internal certification authority. Or you might need to have an administrator sign macro projects for you by using an approved certificate. For information about your organization's policy, contact your network administrator or IT department.
Signing your own files and macro projects
After you have installed your digital certificate, you can sign files and macro projects.
When you digitally sign a file, you certify that the information in the file is valid and that it has not been modified since the file was signed. As long as a file is unchanged, reviewers can attach signatures to it. You might use a digital signature with important files. When you digitally sign a macro project, your digital signature says that you guarantee that the project is safe. Just as signed files remain signed until the file is modified, signed macro projects remain signed until the macro code is altered.
Note When you digitally sign a file, it is important that you understand that the digital signature generated by Office may not constitute a legally binding signature in all U.S. states, Canadian provinces, or in other countries. You should consult with the law of the appropriate jurisdiction before relying on a digital signature as a binding legal signature. You should also understand that feature cannot in all circumstances check the validity of the digital certificate on which the digital signature is based. Therefore, it is important that you verify that the digital certificate is valid before using it to sign a document.