Add a digital signature to a file or macro project

You digitally sign a file or a macro project by using a digital certificate.

1. If you don't already have a digital certificate, you must obtain one.

   How?

   You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or from your internal security administrator or Information Technology (IT) professional. Or, you can create a digital signature yourself using the Selfcert.exe tool.

   To learn more about certification authorities that offer services for Microsoft products, see the Microsoft Security Advisor Web site.

   Notes

   • The hyperlink in this topic goes to the Web. You can switch back to Help at any time.

   • Because a digital certificate you create yourself isn't issued by a formal certification authority, macro projects signed by using such a certificate are referred to as self-signed projects. Depending on how Microsoft Office digital-signature features are being used in your organization, you might be prevented from using such a certificate, and other users might not be able to run self-signed macros for security reasons.

2. Do one of the following:

   Sign a file

   1. On the Tools menu, click Options, and click the Security tab.
   2. Click Digital signatures.
   3. Click Add.
   4. Select the certificate you want to add, and then click OK.

   Sign a macro project

   1. Open the file that contains the macro project you want to sign.
   2. On the Tools menu, point to Macro, and then click Visual Basic Editor.
   3. In the Project Explorer, select the project you want to sign.
   4. On the Tools menu, click Digital Signature.
   5. Do one of the following:
      • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
      • To use the current certificate, click OK.

   Tips

   • Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is modified in any way, its digital signature is removed. However, if you have the proper digital certificate on your computer, the macro project will automatically be resigned when saved.

   • If you want to prevent users of your solution from accidentally modifying your macro project and invalidating your signature, lock the macro project before signing it. Your digital signature says only that you guarantee that this project is safe. It does not prove that you wrote the project. So locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators might re-sign templates and add-ins so that they can control exactly what users may run on their computers.

   • If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and notify the user of the consequences of modifying a signed project before continuing.