MS Certification Authority Question

cloksin

I need help with a perplexing problem. What we have done here at my company is created a slew of MS Word docs with macros including VBA code; they are to be used by one particular department. We want to keep the macro security set to high on the client PCs, so therefore we need to sign the macros with digital certificates. Here is the problem: we DO NOT want to purchase certificates from a third party, nor do we want to use "selfcert". We have been able to create certs and sign the macros, then install the cert on the client PC, enabling the end user to use the macro without a macro security dialog box popping up. The snag is that once a cert is created it can only be used to sign the macro by one developer, as the private key gets installed on his PC. If another developer wants to sign a macro he needs to create a separate cert. This poses a problem for the end users as they have to install multiple certs. How can we issue one cert that can be used by multiple developers, or one developer on multiple machines, so the end users only have one cert to install on the client PCs?
 
Hmmm... an interesting problem, that I think sadly has no answer.

Certs are signed to say that the issuing authority (the computer) is secure, not that the development team are secure...

The only things that I can suggest are:
Use multiple certs and install the certificates on the department's PCs using group policies, so that takes a lot of the work out of it.

Or finish all the documents/macros etc. with a build machine, then it's only that one machine that will need to have a certificate.

This works well with most software development teams, as there is usually a 'head' coder/team leader who will quality check the code or compile final executables etc. anyway.

I'm assuming that all your code is tested before it's delivered, so you could make signing the code a final step of your test process, i.e. functionality is signed off and then the documents are signed on a single test machine or something.
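
An added example, not part of either post above: a PowerShell check for the single-signing-machine setup suggested in the reply. It reports whether the macro-signing certificate is in the Trusted Publishers store (what the client PCs need) and whether its private key is present (which should be true only on the signing machine). The thumbprint is a placeholder and the function name `Test-SigningCert` is hypothetical.

```powershell
# Added example, not code from the thread.
param(
    # Placeholder (assumption): thumbprint of your macro-signing certificate
    [string]$Thumbprint = '<SIGNING-CERT-THUMBPRINT>'
)

$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing enhanced key usage

function Test-SigningCert {
    param([string]$StorePath, [string]$Thumbprint)

    # Look the certificate up by thumbprint in one certificate store
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1

    if (-not $cert) {
        return [pscustomobject]@{ Store = $StorePath; Found = $false }
    }

    [pscustomobject]@{
        Store         = $StorePath
        Found         = $true
        Subject       = $cert.Subject
        Expired       = ($cert.NotAfter -lt (Get-Date))
        CodeSigning   = ($cert.EnhancedKeyUsageList.ObjectId -contains $codeSigningOid)
        # Expected: True only in the signing machine's personal store,
        # False everywhere on the client PCs
        HasPrivateKey = $cert.HasPrivateKey
    }
}

$stores = @(
    'Cert:\LocalMachine\TrustedPublisher',  # trust deployed machine-wide
    'Cert:\CurrentUser\TrustedPublisher',   # trust installed per user
    'Cert:\CurrentUser\My'                  # personal store of whoever signs
)

$stores | ForEach-Object { Test-SigningCert -StorePath $_ -Thumbprint $Thumbprint } |
    Format-Table -AutoSize
```

On a client PC, a row with `HasPrivateKey` set to True means the signing key was copied there along with the certificate and should be removed.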
 