TomGriffith3
Aug 14, 2024

Signing VBA in Word

Hello. I am attempting to sign VBA in a Word file. I imported a PFX file to my Personal Certificates (via edge://settings/privacy). I also confirmed the import via certmgr.msc (it's there under Personal...Certificates).

This PFX is used for a server TLS which I maintain (in addition to the server leaf cert, the PFX contains the intermediate and root self-signed organization certs...both are pre-loaded in everybody's Windows Trust Stores).

So my thinking is to sign the VBA with this server PFX, then via chain of trust, the VBA signature will be verified when walked back to the root by the client.

Anyway, in MS Word...Developer...Tools...Digital Signature...

when I choose "Sign as" and the Choose button, I get "No usable signing certificates are available".

Anybody have any ideas? I've googled all over and all day. Does the "Certificate intended purpose" have anything to do with it not being available?

Thank you so much for reading.

  • TomGriffith3

    Hi, a little additional information which only deepens this. I looked into the Intended Purposes of the PFX Cert file a little more.

    1) When I click "VIEW" on the Certificate (via edge://settings/privacy)...scroll to Enhanced Key Usage..., I see only Server Authentication.

    However, if I click Edit Properties on any field in the list...the Certificate Properties is set to "Enable all purposes...."

    2) If I go back to the list of Personal Certificates (via edge://settings/privacy), and click the ADVANCED button, I see Code Signing checked, but only Server Authentication shows above....

    3) So not sure why the discrepancy and how to get the enabled Code Signing and Time Stamping, as they are checked in the second image, into the Enhanced Key Usage property (where only Server Authentication is listed). Thank you so much for reading and for your consideration.

  • TomGriffith3 

    Please check certificate intended purpose:

    1. Opening the certificate in the Certificates MMC (certmgr.msc)
    2. Navigating to the Details tab
    3. Looking for the Enhanced Key Usage field. It should list Code Signing.
    • TomGriffith3
      Hi Kidd_Ip, thank you so much. Yeah, I had checked certmgr.msc and it says Server Authentication. I was just reading how TLS certs are different than code signing certs but found it strange in the second screenshot above how "Code Signing" and "Time Stamping" are selected among Certificate Purposes. Yet they don't show up in Intended Purposes. I wonder if Windows is able to read something inside the PFX structure to tell it that the cert is only a "Server Authentication" cert.
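
The check suggested in the reply above, as an added PowerShell example that is not part of the original thread: it reads the Enhanced Key Usage extension stored inside each certificate in the current user's Personal store and flags whether Code Signing is listed. The function name `Get-EkuReport` and the output column names are hypothetical, and treating a certificate with no EKU extension as unrestricted is an assumption.

```powershell
# Added example (not from the thread): report the EKU extension carried inside
# each certificate in the Personal store, i.e. what the Details tab displays.
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning

function Get-EkuReport {                # hypothetical helper name
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Read the extension from the certificate itself, not from the
        # editable purpose properties kept alongside it in the store.
        $ekuExt = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            Select-Object -First 1

        if ($null -eq $ekuExt) {
            # Assumption: no EKU extension means the issuer set no restriction.
            $ekuNames = @('<no EKU extension>')
            $allowsCodeSigning = $true
        } else {
            $ekuNames = @($ekuExt.EnhancedKeyUsages | ForEach-Object {
                if ($_.FriendlyName) { "$($_.FriendlyName) ($($_.Value))" } else { $_.Value }
            })
            $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            $allowsCodeSigning = $oids -contains $CodeSigningOid
        }

        [pscustomobject]@{
            Subject              = $cert.Subject
            Thumbprint           = $cert.Thumbprint
            HasPrivateKey        = $cert.HasPrivateKey
            EkuInCertificate     = $ekuNames -join '; '
            EkuAllowsCodeSigning = $allowsCodeSigning
            # Signing needs both the private key and a permitted purpose.
            CandidateForSigning  = ($cert.HasPrivateKey -and $allowsCodeSigning)
        }
    }
}

Get-EkuReport | Format-List

# Cross-check: the certificate provider's own filter for certificates
# with code-signing authority.
Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert
```

A TLS server certificate whose extension lists only Server Authentication shows `EkuAllowsCodeSigning : False` here and is absent from the `-CodeSigningCert` listing.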
