copy my digital certificates?

[Barn E. Fife]

I had to reinstall Office 2003 after assigning many files to my
digital certificate made by selfcert. Of course, I'm getting the macro
nag every time from Excel 2003 (I'm on medium security).

I don't want to resign and resave every .xls I can find, if for no
other reason that I'd pervert the file dates for no "meaningful"
reason. And even if I think I fixed them all, from time to time I'd
get hit, even though I signed them with the express intent to sail
right in without warning, at least on my own machine.

I found the old certificates that were backed up from C:\Documents and
Settings\MyNameHere\Application Data\Microsoft\SystemCertificates\My
\Certificates . I copied them back in following the reinstall of
Office 2003 and SP2. Is there another step I can take to put me back
in the "smooth sailing" I had before?

 

[Gord Dibben]

You may have to see if they are registered/stored in your Personal
Certificates Store.

Start>Run mmc

This opens the Management Console.

File>Add Snap-in........Certificates

Look in Personal and Trusted Publisher

If they are in there then your restoration would seem to be complete.

I have never restored as you did so no idea if simply putting them
back into the folder is adequate.


Gord

 

[Barn E. Fife]

Great reply. But Add Snap-in only shows an empty box; the dropdown
above only shows "Console Root" . So I clicked the add button for
certificates which put "Certificates - Current User" in the box
(indented under Console Root in the dropdown). But that's as far as I
can go there, beyond clicking About. On the Extensions tab everything
is grayed. In case it matters, I am not an Admin on this box, but can
call one down.

What you wrote did empower me to discover
http://office.microsoft.com/en-us/e...macros-for-stronger-security-RZ001161864.aspx
which looks like a genuinely useful (difficult for me to say when
speaking of Microsoft!) "learning course" on digital certificates and
macros. Quickly reading through it didn't appear to address my present
"restore" objective though.

As an aside, another desire would be to be able to pass a certificate
to a workmate so they are liberated from the warning prompt on my
creations - and I from warnings on theirs, if we both signed with it.
Could they just say they trust it, even though there's no according-to-
Hoyle certificate authority? That answer appears to be no from my
reading of http://office.microsoft.com/en-gb/h...rusted-publishers-for-macros-HP003089291.aspx
which says that self-cert is for one machine only.

Barney
It's Fife! Not Google!

 

[Gord Dibben]

I don't know what to say about loading the Snap-in but not displaying
the list.

I have a user on my computer who has no Admin rights but is able to
access the list of Certificates.

When you click on File>Add/Remove Snap-ins do you get a long list of
available snap-ins?

Are you able to select Certificates and hit the Add button to add to
the right-side panel?

As far as transferring a self-cert to another computer.........you
cannot.

You have no signed key for that type of certificate.

That would be necessary to export the certificate to another computer.


Gord

 

[Barn E. Fife]

When you click on File>Add/Remove Snap-ins do you get a long list of

available snap-ins?

It's empty

Are you able to select Certificates and hit the Add button to add to
the right-side panel?

I don't show a right side panel on mine (XP SP2) - there's a dropbox,
a (currently all white, or empty) pane beneath that and buttons
Add,Remove,and About; and OK and Cancel. I can click add and on the
popup select Certificates, hit add there, and "Certificates-Current
User" appears. That's as far as I get, and the window where you'd
expect to see them is empty. And even that choice doesn't persist if I
close/reopen MMC.

Thanks for your interest and effort to explore this.

 

[Gord Dibben]

One more look<g>

Open MMC and File>Options.........Under Console Mode which option is
chosen?

I think you might be in User..limited access.....single window.

Can you select Author or User-Full access Apply>OK and Save that
mode?

Close and re-open.


Gord

 

[Barn E. Fife]

Alas, yes, I'm in author mode, but impotent.

One more look<g>

I'll take it, and anyone else who has the answer, now or months later
- because it's quite an aggravation - all day long I'm answering macro
nags on my own files. 'Fer cryin' out loud, I backed up the selfcert
certificates! But so far, seemingly to no avail.

Since I chopped off the quote trail, if anyone needs it: I reinstalled
XP and Office 2003 (and 2007 coexisting, because I enjoy torture), SP2-
d Office2003, copied contents of \keys and \certificates directories
from backup ... and hoped that would allow my old selfcert
certificates to avert macro warnings for my own files.

 

[Barn E. Fife]

I fear my last reply got munched so forgive duplication. Alas, yes,
author mode, yet still impotent.

I chopped the quote trail along the way here but if anyone needs
context: I backed up the \KEYS\ and \CERTIFICATES\ directories before
a reinstall of XP, Office 2003, SP2. I copied them into the new XP
profile but still get the macro warning, on files that a week ago used
those same keys and certificates to open without the nag.

One more look<g>

Thanks - I'll take it! I'm sick of the macro prompts. Very likely, if
someone hits this even many months later with a solution it will be
still valuable.

 

[Gord Dibben]

Build a new one and start adding to each workbook as you run into the
nag.

I use one for all my workbooks in 2003................not needed in
2007


Gord

 

[Barn E. Fife]

Not to whine at you Gord - I truly appreciate your great interest and
effort - but I appeal to anyone if they learn a way to adapt the
existing certs (or maybe create new ones with the same name that
work). I just hate to burn the file dates which are invaluable
history. (If there's no other way out, I will probably cobble
together some sort of file date touching mechanism with a .BAT file.
If the loony-toon Microsoft design baboons don't insanely destroy DOS
prompts and .BATs first, I may go something like
readdate %1 > c:\tempdate.tmp
excel.exe %1
stampdat %1 c:\tempdate.tmp