You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or from your internal security administrator or Information Technology (IT) professional. Or, you can create a digital signature yourself using the Selfcert.exe tool.
Note Because a digital certificate you create yourself isn't issued by a formal certification authority, macro projects signed by using such a certificate are referred to as self-signed projects. Certificates you create yourself are considered unauthenticated and will generate a warning in the Security Warning box if the security level is set to High or Medium. Microsoft Office will only trust a self-signed certificate on a computer that has the private key for that certificate available (generally only the computer that actually created the certificate, unless the private key is shared with other computers).
Commercial certification authorities
To obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., you or your organization must submit an application to that authority.
To learn more about certification authorities that offer services for Microsoft products, see the Microsoft TechNet Security Web site.
Depending on your status as a developer, you should apply for a Class 2 or Class 3 digital certificate for software publishers:
- A Class 2 digital certificate is designed for people who publish software as individuals. This class of digital certificate provides assurance as to the identity of the individual publisher.
- A Class 3 digital certificate is designed for companies and other organizations that publish software. This class of digital certificate provides greater assurance about the identity of the publishing organization. Class 3 digital certificates are designed to represent the level of assurance provided today by retail channels for software. An applicant for a Class 3 digital certificate must also meet a minimum financial stability level based on ratings from Dun & Bradstreet Financial Services.
When you receive your digital certificate, you are given instructions on how to install it on the computer you use to sign your Microsoft Office solutions.
Internal certification authorities
Some organizations and corporations might have a security administrator or group act as their own certification authority and produce or distribute digital certificates by using tools such as Microsoft Certificate Server. Microsoft Certificate Server can function as a stand-alone certification authority or as part of an existing certification authority hierarchy. Depending on how Microsoft Office digital-signature features are used in your organization, you might be able to sign macro projects by using a digital certificate from your organization's internal certification authority. Or you might need to have an administrator sign macro projects for you by using an approved certificate. For information about your organization's policy, contact your network administrator or IT department.
Signing your own files and macro projects
After you have installed your digital certificate, you can sign macro projects.
When you digitally sign a file, you certify that the information in the file is valid and that it has not been modified since the file was signed. As long as a file is unchanged, reviewers can attach signatures to it. You might use a digital signature with important files. When you digitally sign a macro project, your digital signature says that you guarantee that the project is safe. Just as signed files remain signed until the file is modified, signed macro projects remain signed until the macro code is altered.