How-To

How to Create a Self-Signed Digital Certificate in Microsoft Office 2016

In this article, I’m going to review Creating Self-Signed certs using the latest version of Microsoft Office 2016

One of the most compelling parts of the Microsoft Office productivity suite for power users is automating functionality using Visual Basic for Application code. Applications such as Word, Excel, and Outlook can be used to create Macros. Macros are small bits of programming code used for performing repetitive tasks. In versions of Office before 2007, VBA support was notorious for being exploited. Since then, Microsoft has enhanced the security within the suite, limiting the impact of rogue code causing potential damage.

Previously, we showed you how to set up and configure a Self-Signed Digital Certificate in Office 2010. Since then, some things have changed in the Office 2016 release. In this article, I’m going to review Creating Self-Signed certs using the latest version of Office.

Setup Self-Signed Digital Certificate in Office 2016 Applications

The Digital Certificate for VBA Projects can now be found within Program Files > Microsoft Office > root > Office16.

Office Digital Certificate

Double click the SELFCERT file, enter a name for your Digital Certificate, then click OK.

digi cert o16 2

Launch any of the Office applications you would like to use the digital certificate in. For this article, I am going to use Excel. The first thing you will need to do is enable the Developer tab. Click File > Options > Customize Ribbon > check the box Developer then click OK.

digi cert o16 3

Select the Developer tab, then click the Macro Security button within the Code group, select the Enable all Macros radio box, then click OK.

digi cert o16 1a

Within the Code group, click Visual Basic. The Visual Basic for Applications component will be launched. Next, click Tools, then click Digital Signature.

digi cert o16 4

Click Choose, the recently created digital certificate will be presented. Click OK, then proceed to save your project.

digi cert o16 5

Ensuring your Macros Work

I noted earlier; Microsoft has made security changes to how Macros work in Office applications over the years. Saving your Macro’s is not allowed in a standard workbook or document.

Macro enabled one

Instead, users must correctly choose Macro-Enabled as the file type when saving.

Macro enabled two

Users can manage their signed certificate by using launching Internet Options. First, click Start, then type: internet options, hit Enter on your keyboard, select the Content tab, then click Manage Certificates. Here you have the choice of deleting or exporting your certificate for use on another computer.

manage certificates

Check out our previous example of how to set up a handy Macro in Microsoft Outlook for enabling Blind Carbon Copy.

4 Comments

4 Comments

  1. Kathy

    April 5, 2017 at 1:08 pm

    The main problem is that a dotm which is already signed, will keep the signature’s document variables, even if the VBA is edited and during those edits new document variables may be added. Saving the file again, your timestamping routine seems to assume that YOUR document variables are the last ones that have been added (i.e. the ID is equal to the COUNT). That may not be the case though.

    We find that a new file created from our template will crash Word when closed without saving under the condition that your document variables are not the last one in the collection (i.e. if your document variable id is equal to the count then that’s ok, if we have another one added and your’s is not the last one, then Word crashes).

    If we are adding document variables after the file has been signed for the first time and then save again (thus re-signing it), your routine re-uses the already existing document variables rather than creating new (last) ones. Therefore your document variables aren’t the last ones (which you may assume somewhere in your code?). Word crashes if we create a new file from such a template and exit the file without saving it. We can recreate this. However, we can also re-create the fix of removing the signature (and manually removing your document variables which aren’t removed when the signature is removed – shouldn’t it do that?? ). If we only remove the signature and then re-sign it after changing our VBA part and the document variables, it crashes again (suggesting that you’re re-using the variables if found). However, if we manually remove the doc variables and then re-sign, our templates remain stable and don’t crash Word.

    We can produce a file ‘Before’ and After if you would like to see what this means in reality but it would probably be a good idea to do a screen-share with someone technical to demonstrate.

    Thanks
    Kathy

  2. Michael Mayer

    May 13, 2017 at 12:33 am

    Word 2013
    This works for Word 2013. Thanks very much.

    “recoverable signature”
    I had a problem after inserting an image of my signature: “recoverable signature”.
    this helped resolve that issue:
    First, I double-clicked the signature line in the saved document with the red text reading “Recoverable Signature”.
    In the dialog box, there is a warning about the signature. Click “Trust this signature…”
    https://answers.microsoft.com/en-us/office/forum/office_365hp-word/the-certificate-you-selected-cannot-be-verified/4bb05f5c-9c56-4476-a914-37029321b267

  3. Wally

    June 21, 2017 at 6:29 pm

    Thank you for your post, Andre! It works for my macros in Outlook 2016! Why can’t Microsoft post such useful information… :)

  4. Mike

    August 20, 2020 at 8:10 am

    You defeat the whole purpose of using digital certificates by selecting “Enable all macros” under Macro Settings in the Office Trust Center. To securely open documents signed with a digital certificate you obviously want this set to “Disable all macros except digitally signed macros.”

    But in order for this to work, the list of Trusted Publishers in the Office Trust Center must include certificates for all publishers you need to trust, including any certificates you created with SelfCert.exe. You need to use the “Internet Properties” dialog you mention in your last step. First export your certificate listed under the “Personal” tab to a .CER file, and then import that file under the “Trusted Publishers” tab.

    Anyway, I recommend avoiding certificates with Office apps if at all possible. I prefer to use the “Trusted Folders” feature to set up specific areas where macro-based Office documents and apps can be executed without warnings. If you work with Access files in .accdb or .accde format, it is also realistically the only option.

Leave a Reply

Your email address will not be published. Required fields are marked *

 

To Top