Difficulties signing the vba project code

Copper Contributor

I face difficulties when I want to sign an Excel vba project. The error "A problem occured with the digital certificate. The VBA-project can't be provided by a digital signature. The signature is being removed".
We are using an USB key of DigiCert (EV code signing with SHA2 encryption) and signing works correctly for exe's and dll's. Everything looks okay from DigiCert point of view.

The error does occur when I want to save the Excel file.

I can sign without problems when it is a self issued certificate.

Some time ago this was working well.

10 Replies

@BernardW Did you ever find a solution to this issue - I am experiencing this issue on a newly purchased Digicert EV token.  Thank you

We find ourselves in the exact same situation, since May this year (2022) when we renewed our EV Code Signing certificate. Ever since we renewed and started using the new USB token, the problem appeared. Beforehand (previous two renewals) it was working fine - instead of the dreaded "There was a problem with the Digital Certificate. The VBA Project could not be signed. The signature will be discarded." error we would get a popup window from "SafeNet Authentication Client" asking us to input the token password. If the correct password was provided, the VBA Editor would sign and save the project.
After the issue first appeared in May this year (2022), when renewing with the provider we had been successfully using during the previous two years (Sectigo), we have since (this September) purchased a new EV Code Signing certificate from DigiCert. Unfortunately, the behavior is exactly the same. I have a suspicion that the issue may NOT be with the CA (Sectigo/DigiCert), but rather with the manufacturer/supplier they both use for the USB hardware tokens - it used to be "Gemalto" before May this year (when VBA signing worked) and now it is "Thales".
The change in USB hardware token manufacturer/supplier can also be seen in the branding of the "SafeNet Authentication Client" software - it used to be "Gemalto" in earlier versions, while it now reads "Thales". In the next few days, I will log our issues and findings with DigiCert technical support, asking them to investigate further and raise this with Thales, if necessary. I will share any progress and hopefully a successful resolution here.
P. S. A similar issue has been reported as recently as the beginning of this month on StackOverflow: https://stackoverflow.com/questions/73584355/signing-vba-code-in-excel-xlsm-files-there-was-a-proble...

@yasensimeonov Digicert sent us an older version of the SafeNet software - version 10.8.2154.0

 

This version does work when signing VBA macros.  Anyone at our firm with a newer version cannot sign macros. 

@Anna-Lawgic This (10.8.2154.0) is the default version of the SafeNet Authentication client that DigiCert asked us to install when we received and initiated the token. Yet it still does not work with signing Excel VBA projects/macros for us:

20220912_SafeNetAuthenticationClient_About.png

My apologies - it's a 10.0 version that works with VBA.

This is the link sent to me by their support team: https://drive.google.com/file/d/1mcrBcb_pMGGYp2q4nHfOWR8lC81CwYDP/view?usp=sharing

@Anna-Lawgic Thank you! I will keep this version, but abstain from installing it (for now) until I get a response from DigiCert support. Version 10.0 seems a bit too old for me, I remember we were able to sign VBA with a more recent version like 10.5 (or newer) pre-May 2022.

 

Actually found this version history/release log of SafeNet Authentication Client: https://data-protection-updates.gemalto.com/category/safenet-authentication-client/ 

According to that, the two previous Windows releases are:

1) 10.8 R5 (July 2021): https://data-protection-updates.gemalto.com/2021/07/01/sac-10-8-r5-for-windows-sac-low-level-sdk-1-6... 

2) 10.8 R2 (July 2020): https://data-protection-updates.gemalto.com/2020/07/30/safenet-authentication-client-sac-10-8-r2-for... 

 

Hopefully DigiCert support can point us to the most recent VBA-compatible/signable version, so that we don't miss out on other purposes we use the EV cert for - like .exe/.dll/.msi installer signing.

Let us know if they send you something newer that works and we'll move to that too. We have one VBA person using this version and everyone else using the latest and greatest.

@Anna-Lawgic , finally solved this. Turns out we can actually use the latest version (10.8 R6) of the SafeNet Auth Client software AND sign Excel/Office VBA, we just need to add one Windows Registry key and value.

Finally found some spare time to summarize my findings in a post on StackOverflow, you can find it here: https://stackoverflow.com/a/74267125/9535720 

@yasensimeonov 

We finaly solved this by re installing Windows and review the place of the sign server in the network. Many thanks for all the reply.