Self-Signing an Access 2000 mde does not work

[rdemyan via AccessMonster.com]

I have an Access database that has A2K format. I recently installed A2003.
I created a digital certificate and self-signed the code in A2003 (however,
format is A2K). I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003. It tells me that "The code or
macros in this file do not match the digital signature......." It won't
allow the file to be opened.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting the
same error message. Fortunately, I can just change the macro security
setting to Low and then resign the code and that works. But my company will
not allow Access to run at anything other than Medium security.

I guess the act of creating the .mde file caused a change and now A2003 will
not open the file if the Security is anything other than Low.

So is there any workaround or is this the end of the road for my A2K mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

['69 Camaro]

Hi.

I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003.

Of course not. The new MDE file is a different file from the MDB file that
you signed. Good thing you didn't do this to the file before the service
pack was installed. You would have corrupted the file beyond repair by
opening it in Access 2000 after it had been digitally signed, because Access
2000 database format doesn't support digital signatures.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting
the
same error message.

It's not strange at all. It's by design. You invalidated the digital
signature by opening the file in Access 2000 and running the MDE conversion
utility. To explain, you opened the MDB file in Access 2000, which doesn't
support digital signatures, so slight changes were made to the file in order
to successfully create the MDE file, making it "altered" from the original.
If a signed file has been altered, then the digital signature becomes
invalid. That's what digital signatures are for.

So is there any workaround

No. Access 2003 is the first version of Access that supports digital
signatures. Don't try to put a digital signature on files from earlier
database formats, because they don't support digital signatures and aren't
going to be retrofitted to do so in the future.

is this the end of the road for my A2K mde?

Of course not. Access 2000 MDE's will run just fine in Access 2000, Access
2002, and Access 2003 (when Access 2003's Macro Security is set to low).

Is this a problem with an A2003 mde.

No. Access 2003 database format files are designed to work with digital
signatures. Why would you think that failure in applying a digital
signature to a database format file that doesn't support digital signatures
should yield the same result for a database format that does support digital
signatures?

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

['69 Camaro]

Hi.

I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003.

Of course not. The new MDE file is a different file from the MDB file that
you signed. Good thing you didn't do this to the file before the service
pack was installed. You would have corrupted the file beyond repair by
opening it in Access 2000 after it had been digitally signed, because Access
2000 database format doesn't support digital signatures.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting
the
same error message.

It's not strange at all. It's by design. You invalidated the digital
signature by opening the file in Access 2000 and running the MDE conversion
utility. To explain, you opened the MDB file in Access 2000, which doesn't
support digital signatures, so slight changes were made to the file in order
to successfully create the MDE file, making it "altered" from the original.
If a signed file has been altered, then the digital signature becomes
invalid. That's what digital signatures are for.

So is there any workaround

No. Access 2003 is the first version of Access that supports digital
signatures. Don't try to put a digital signature on files from earlier
database formats, because they don't support digital signatures and aren't
going to be retrofitted to do so in the future.

is this the end of the road for my A2K mde?

Of course not. Access 2000 MDE's will run just fine in Access 2000, Access
2002, and Access 2003 (when Access 2003's Macro Security is set to low).

Is this a problem with an A2003 mde.

No. Access 2003 database format files are designed to work with digital
signatures. Why would you think that failure in applying a digital
signature to a database format file that doesn't support digital signatures
should yield the same result for a database format that does support digital
signatures?

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[rdemyan via AccessMonster.com]

Thanks, Gunny:

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.

Speaking of that, the "company" that I work with has taken control of the
computers. No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail system.
I'm wondering about getting a digital certificate from Verisign or Thawte. I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

Could I test this out by trying to import a self certificate authority. I
tried this with one of my own computers and the import said it worked fine,
but I couldn't find the CA anywhere for use. I probably don't know what I'm
doing.

More insight is greatly appreciated.

Thanks.

Hi.

I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003.

Of course not. The new MDE file is a different file from the MDB file that
you signed. Good thing you didn't do this to the file before the service
pack was installed. You would have corrupted the file beyond repair by
opening it in Access 2000 after it had been digitally signed, because Access
2000 database format doesn't support digital signatures.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting
the
same error message.

It's not strange at all. It's by design. You invalidated the digital
signature by opening the file in Access 2000 and running the MDE conversion
utility. To explain, you opened the MDB file in Access 2000, which doesn't
support digital signatures, so slight changes were made to the file in order
to successfully create the MDE file, making it "altered" from the original.
If a signed file has been altered, then the digital signature becomes
invalid. That's what digital signatures are for.

So is there any workaround

No. Access 2003 is the first version of Access that supports digital
signatures. Don't try to put a digital signature on files from earlier
database formats, because they don't support digital signatures and aren't
going to be retrofitted to do so in the future.

is this the end of the road for my A2K mde?

Of course not. Access 2000 MDE's will run just fine in Access 2000, Access
2002, and Access 2003 (when Access 2003's Macro Security is set to low).

Is this a problem with an A2003 mde.

No. Access 2003 database format files are designed to work with digital
signatures. Why would you think that failure in applying a digital
signature to a database format file that doesn't support digital signatures
should yield the same result for a database format that does support digital
signatures?

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

I have an Access database that has A2K format. I recently installed A2003.
I created a digital certificate and self-signed the code in A2003

[quoted text clipped - 19 lines]

So is there any workaround or is this the end of the road for my A2K mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

[rdemyan via AccessMonster.com]

Thanks, Gunny:

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.

Speaking of that, the "company" that I work with has taken control of the
computers. No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail system.
I'm wondering about getting a digital certificate from Verisign or Thawte. I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

Could I test this out by trying to import a self certificate authority. I
tried this with one of my own computers and the import said it worked fine,
but I couldn't find the CA anywhere for use. I probably don't know what I'm
doing.

More insight is greatly appreciated.

Thanks.

Hi.

I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003.

Of course not. The new MDE file is a different file from the MDB file that
you signed. Good thing you didn't do this to the file before the service
pack was installed. You would have corrupted the file beyond repair by
opening it in Access 2000 after it had been digitally signed, because Access
2000 database format doesn't support digital signatures.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting
the
same error message.

It's not strange at all. It's by design. You invalidated the digital
signature by opening the file in Access 2000 and running the MDE conversion
utility. To explain, you opened the MDB file in Access 2000, which doesn't
support digital signatures, so slight changes were made to the file in order
to successfully create the MDE file, making it "altered" from the original.
If a signed file has been altered, then the digital signature becomes
invalid. That's what digital signatures are for.

So is there any workaround

No. Access 2003 is the first version of Access that supports digital
signatures. Don't try to put a digital signature on files from earlier
database formats, because they don't support digital signatures and aren't
going to be retrofitted to do so in the future.

is this the end of the road for my A2K mde?

Of course not. Access 2000 MDE's will run just fine in Access 2000, Access
2002, and Access 2003 (when Access 2003's Macro Security is set to low).

Is this a problem with an A2003 mde.

No. Access 2003 database format files are designed to work with digital
signatures. Why would you think that failure in applying a digital
signature to a database format file that doesn't support digital signatures
should yield the same result for a database format that does support digital
signatures?

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

I have an Access database that has A2K format. I recently installed A2003.
I created a digital certificate and self-signed the code in A2003

[quoted text clipped - 19 lines]

So is there any workaround or is this the end of the road for my A2K mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

['69 Camaro]

Hi.

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.
Yes.

No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail system.

They've been hit hard with Windows security problems and irresponsible users
that they found out cost them dearly. Send only zipped files that have been
virus-checked and renamed to a different file extension that isn't blocked,
such as .Nut.

I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

You probably won't be able to install the certificates on their computers
without their cooperation, i.e., one of their IT guys logging into each
computer as the Administrator to install the digital certificate.

Could I test this out by trying to import a self certificate authority.

Yes. A SelfCert digital certificate will work for medium level Macro
Security, but not for high.

I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

This article for installing a SelfCert digital certificate on multiple
computers for Word documents may give you some clues:

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Thanks, Gunny:

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.

Speaking of that, the "company" that I work with has taken control of the
computers. No one has adminstration rights on their computers,
executables
cannot be installed and zip files won't make it through the e-mail system.
I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

Could I test this out by trying to import a self certificate authority. I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

More insight is greatly appreciated.

Thanks.

Hi.

I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003.

Of course not. The new MDE file is a different file from the MDB file
that
you signed. Good thing you didn't do this to the file before the service
pack was installed. You would have corrupted the file beyond repair by
opening it in Access 2000 after it had been digitally signed, because
Access
2000 database format doesn't support digital signatures.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting
the
same error message.

It's not strange at all. It's by design. You invalidated the digital
signature by opening the file in Access 2000 and running the MDE
conversion
utility. To explain, you opened the MDB file in Access 2000, which
doesn't
support digital signatures, so slight changes were made to the file in
order
to successfully create the MDE file, making it "altered" from the
original.
If a signed file has been altered, then the digital signature becomes
invalid. That's what digital signatures are for.

So is there any workaround

No. Access 2003 is the first version of Access that supports digital
signatures. Don't try to put a digital signature on files from earlier
database formats, because they don't support digital signatures and aren't
going to be retrofitted to do so in the future.

is this the end of the road for my A2K mde?

Of course not. Access 2000 MDE's will run just fine in Access 2000,
Access
2002, and Access 2003 (when Access 2003's Macro Security is set to low).

Is this a problem with an A2003 mde.

No. Access 2003 database format files are designed to work with digital
signatures. Why would you think that failure in applying a digital
signature to a database format file that doesn't support digital
signatures
should yield the same result for a database format that does support
digital
signatures?

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

I have an Access database that has A2K format. I recently installed
A2003.
I created a digital certificate and self-signed the code in A2003

[quoted text clipped - 19 lines]

So is there any workaround or is this the end of the road for my A2K
mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

['69 Camaro]

Hi.

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.
Yes.

No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail system.

They've been hit hard with Windows security problems and irresponsible users
that they found out cost them dearly. Send only zipped files that have been
virus-checked and renamed to a different file extension that isn't blocked,
such as .Nut.

I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

You probably won't be able to install the certificates on their computers
without their cooperation, i.e., one of their IT guys logging into each
computer as the Administrator to install the digital certificate.

Could I test this out by trying to import a self certificate authority.

Yes. A SelfCert digital certificate will work for medium level Macro
Security, but not for high.

I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

This article for installing a SelfCert digital certificate on multiple
computers for Word documents may give you some clues:

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Thanks, Gunny:

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.

Speaking of that, the "company" that I work with has taken control of the
computers. No one has adminstration rights on their computers,
executables
cannot be installed and zip files won't make it through the e-mail system.
I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

Could I test this out by trying to import a self certificate authority. I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

More insight is greatly appreciated.

Thanks.

Hi.

I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003.

Of course not. The new MDE file is a different file from the MDB file
that
you signed. Good thing you didn't do this to the file before the service
pack was installed. You would have corrupted the file beyond repair by
opening it in Access 2000 after it had been digitally signed, because
Access
2000 database format doesn't support digital signatures.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting
the
same error message.

It's not strange at all. It's by design. You invalidated the digital
signature by opening the file in Access 2000 and running the MDE
conversion
utility. To explain, you opened the MDB file in Access 2000, which
doesn't
support digital signatures, so slight changes were made to the file in
order
to successfully create the MDE file, making it "altered" from the
original.
If a signed file has been altered, then the digital signature becomes
invalid. That's what digital signatures are for.

So is there any workaround

No. Access 2003 is the first version of Access that supports digital
signatures. Don't try to put a digital signature on files from earlier
database formats, because they don't support digital signatures and aren't
going to be retrofitted to do so in the future.

is this the end of the road for my A2K mde?

Of course not. Access 2000 MDE's will run just fine in Access 2000,
Access
2002, and Access 2003 (when Access 2003's Macro Security is set to low).

Is this a problem with an A2003 mde.

No. Access 2003 database format files are designed to work with digital
signatures. Why would you think that failure in applying a digital
signature to a database format file that doesn't support digital
signatures
should yield the same result for a database format that does support
digital
signatures?

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

I have an Access database that has A2K format. I recently installed
A2003.
I created a digital certificate and self-signed the code in A2003

[quoted text clipped - 19 lines]

So is there any workaround or is this the end of the road for my A2K
mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

['69 Camaro]

Hi.

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.
Yes.

No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail system.

It means that they've been hit hard with Windows security problems and
irresponsible users, and found out it cost them dearly. Send only zipped
files that have been virus-checked and the file name extension changed to
one that isn't blocked, such as .Nut.

I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

It's unlikely that you'll be able to install the certificates without the
cooperation of their IT department, i.e., one of their IT guys logging into
each computer and installing the certificate for you.

Could I test this out by trying to import a self certificate authority.

Yes. However, SelfCert digital certificates will only work for medium level
Macro Security, not high level.

I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

Perhaps the following article for installing a SelfCert digital certificate
on multiple computers for Word documents will give you some clues:

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Thanks, Gunny:

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.

Speaking of that, the "company" that I work with has taken control of the
computers. No one has adminstration rights on their computers,
executables
cannot be installed and zip files won't make it through the e-mail system.
I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

Could I test this out by trying to import a self certificate authority. I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

More insight is greatly appreciated.

Thanks.

Hi.

I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003.

Of course not. The new MDE file is a different file from the MDB file
that
you signed. Good thing you didn't do this to the file before the service
pack was installed. You would have corrupted the file beyond repair by
opening it in Access 2000 after it had been digitally signed, because
Access
2000 database format doesn't support digital signatures.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting
the
same error message.

It's not strange at all. It's by design. You invalidated the digital
signature by opening the file in Access 2000 and running the MDE
conversion
utility. To explain, you opened the MDB file in Access 2000, which
doesn't
support digital signatures, so slight changes were made to the file in
order
to successfully create the MDE file, making it "altered" from the
original.
If a signed file has been altered, then the digital signature becomes
invalid. That's what digital signatures are for.

So is there any workaround

No. Access 2003 is the first version of Access that supports digital
signatures. Don't try to put a digital signature on files from earlier
database formats, because they don't support digital signatures and aren't
going to be retrofitted to do so in the future.

is this the end of the road for my A2K mde?

Of course not. Access 2000 MDE's will run just fine in Access 2000,
Access
2002, and Access 2003 (when Access 2003's Macro Security is set to low).

Is this a problem with an A2003 mde.

No. Access 2003 database format files are designed to work with digital
signatures. Why would you think that failure in applying a digital
signature to a database format file that doesn't support digital
signatures
should yield the same result for a database format that does support
digital
signatures?

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

I have an Access database that has A2K format. I recently installed
A2003.
I created a digital certificate and self-signed the code in A2003

[quoted text clipped - 19 lines]

So is there any workaround or is this the end of the road for my A2K
mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

['69 Camaro]

Hi.

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.
Yes.

No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail system.

It means that they've been hit hard with Windows security problems and
irresponsible users, and found out it cost them dearly. Send only zipped
files that have been virus-checked and the file name extension changed to
one that isn't blocked, such as .Nut.

I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

It's unlikely that you'll be able to install the certificates without the
cooperation of their IT department, i.e., one of their IT guys logging into
each computer and installing the certificate for you.

Could I test this out by trying to import a self certificate authority.

Yes. However, SelfCert digital certificates will only work for medium level
Macro Security, not high level.

I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

Perhaps the following article for installing a SelfCert digital certificate
on multiple computers for Word documents will give you some clues:

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Thanks, Gunny:

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.

Speaking of that, the "company" that I work with has taken control of the
computers. No one has adminstration rights on their computers,
executables
cannot be installed and zip files won't make it through the e-mail system.
I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

Could I test this out by trying to import a self certificate authority. I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

More insight is greatly appreciated.

Thanks.

Hi.

I then opened up A2K and created a .mde file from the mdb
file that was just self-signed.

Now I cannot open the .mde file in A2003.

Of course not. The new MDE file is a different file from the MDB file
that
you signed. Good thing you didn't do this to the file before the service
pack was installed. You would have corrupted the file beyond repair by
opening it in Access 2000 after it had been digitally signed, because
Access
2000 database format doesn't support digital signatures.

Strangely, the .mdb file can't be opened either in A2003 and I'm getting
the
same error message.

It's not strange at all. It's by design. You invalidated the digital
signature by opening the file in Access 2000 and running the MDE
conversion
utility. To explain, you opened the MDB file in Access 2000, which
doesn't
support digital signatures, so slight changes were made to the file in
order
to successfully create the MDE file, making it "altered" from the
original.
If a signed file has been altered, then the digital signature becomes
invalid. That's what digital signatures are for.

So is there any workaround

No. Access 2003 is the first version of Access that supports digital
signatures. Don't try to put a digital signature on files from earlier
database formats, because they don't support digital signatures and aren't
going to be retrofitted to do so in the future.

is this the end of the road for my A2K mde?

Of course not. Access 2000 MDE's will run just fine in Access 2000,
Access
2002, and Access 2003 (when Access 2003's Macro Security is set to low).

Is this a problem with an A2003 mde.

No. Access 2003 database format files are designed to work with digital
signatures. Why would you think that failure in applying a digital
signature to a database format file that doesn't support digital
signatures
should yield the same result for a database format that does support
digital
signatures?

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

I have an Access database that has A2K format. I recently installed
A2003.
I created a digital certificate and self-signed the code in A2003

[quoted text clipped - 19 lines]

So is there any workaround or is this the end of the road for my A2K
mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

[rdemyan via AccessMonster.com]

Well, I'm at the clients and it looks like I was able to successfully install
a self-signed digital certificate (code was signed on my laptop) on one of
their machines. However, one of the two messages is still coming up.

The first message: "Security Warning: Unsafe expressions are not blocked. ....
....."
This message still appears.

The second message: ".....This file may not be safe if it contains code that
is intended to harm your computer...."
This message is now gone.

I'm unclear on why the first message didn't disappear as well after the self-
signed certificate was installed.

Macro security is set to medium.

Thanks.

Hi.

I guess this means that I'll need to convert to A2003 format if I want to
create a .mde file that can use digital signatures.
Yes.

No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail system.

It means that they've been hit hard with Windows security problems and
irresponsible users, and found out it cost them dearly. Send only zipped
files that have been virus-checked and the file name extension changed to
one that isn't blocked, such as .Nut.

I'm wondering about getting a digital certificate from Verisign or Thawte.
I
don't even know if I'll be able to install it on their computers, and I'd
prefer not to blow a few hundred bucks.

It's unlikely that you'll be able to install the certificates without the
cooperation of their IT department, i.e., one of their IT guys logging into
each computer and installing the certificate for you.

Could I test this out by trying to import a self certificate authority.

Yes. However, SelfCert digital certificates will only work for medium level
Macro Security, not high level.

I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

Perhaps the following article for installing a SelfCert digital certificate
on multiple computers for Word documents will give you some clues:

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Thanks, Gunny:

[quoted text clipped - 90 lines]

 

['69 Camaro]

Hi.

The first message: "Security Warning: Unsafe expressions are not blocked.
....
...."
This message still appears.

It's a separate issue which has been enabled with Jet 4.0 SP-8. Press the
"Yes" button. This should make a change in the Windows Registry, and you
shouldn't see this prompt again on that computer, no matter which user is
logged in. If you do, then it means that either this user doesn't have
sufficient permissions to make this Registry change and an Administrator
needs to log on to make the change, or it means that group policy is
rewriting your setting, and there's nothing you can do about it except try
to reason with management to get them to leave it alone.

I'm unclear on why the first message didn't disappear as well after the
self-
signed certificate was installed.

Setting the Macro Security level higher than low enables the user to choose
whether or not expressions are blocked by Jet. Until they're blocked, the
user will be prompted every time he opens a database, so most people choose
to have expressions blocked to get rid of this annoying prompt. When the
Macro Security level is later reduced to low, the user is prompted about
whether or not he wants to now allow the evaluation of potentially unsafe
expressions. Press the "Yes" button when this prompt comes up, and you
shouldn't be bothered by any more prompts unless a problem I've listed above
occurs, in which case, you know what to do.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Well, I'm at the clients and it looks like I was able to successfully
install
a self-signed digital certificate (code was signed on my laptop) on one of
their machines. However, one of the two messages is still coming up.

The first message: "Security Warning: Unsafe expressions are not blocked.
....
...."
This message still appears.

The second message: ".....This file may not be safe if it contains code
that
is intended to harm your computer...."
This message is now gone.

I'm unclear on why the first message didn't disappear as well after the
self-
signed certificate was installed.

Macro security is set to medium.

Thanks.

Hi.

I guess this means that I'll need to convert to A2003 format if I want
to
create a .mde file that can use digital signatures.
Yes.

No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail
system.

It means that they've been hit hard with Windows security problems and
irresponsible users, and found out it cost them dearly. Send only zipped
files that have been virus-checked and the file name extension changed to
one that isn't blocked, such as .Nut.

I'm wondering about getting a digital certificate from Verisign or
Thawte.
I
don't even know if I'll be able to install it on their computers, and
I'd
prefer not to blow a few hundred bucks.

It's unlikely that you'll be able to install the certificates without the
cooperation of their IT department, i.e., one of their IT guys logging
into
each computer and installing the certificate for you.

Could I test this out by trying to import a self certificate authority.

Yes. However, SelfCert digital certificates will only work for medium
level
Macro Security, not high level.

I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know what
I'm
doing.

Perhaps the following article for installing a SelfCert digital
certificate
on multiple computers for Word documents will give you some clues:

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Thanks, Gunny:

[quoted text clipped - 90 lines]

mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

['69 Camaro]

Oh, yeah. I forgot to mention that the user might voluntarily choose to
block potentially unsafe expressions again if he gets the prompt when he's
not running your digitally signed database file, in order to get rid of
these annoying prompts. He can't win.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Hi.

The first message: "Security Warning: Unsafe expressions are not blocked.
....
...."
This message still appears.

It's a separate issue which has been enabled with Jet 4.0 SP-8. Press the
"Yes" button. This should make a change in the Windows Registry, and you
shouldn't see this prompt again on that computer, no matter which user is
logged in. If you do, then it means that either this user doesn't have
sufficient permissions to make this Registry change and an Administrator
needs to log on to make the change, or it means that group policy is
rewriting your setting, and there's nothing you can do about it except try
to reason with management to get them to leave it alone.

I'm unclear on why the first message didn't disappear as well after the
self-
signed certificate was installed.

Setting the Macro Security level higher than low enables the user to
choose whether or not expressions are blocked by Jet. Until they're
blocked, the user will be prompted every time he opens a database, so most
people choose to have expressions blocked to get rid of this annoying
prompt. When the Macro Security level is later reduced to low, the user
is prompted about whether or not he wants to now allow the evaluation of
potentially unsafe expressions. Press the "Yes" button when this prompt
comes up, and you shouldn't be bothered by any more prompts unless a
problem I've listed above occurs, in which case, you know what to do.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Well, I'm at the clients and it looks like I was able to successfully
install
a self-signed digital certificate (code was signed on my laptop) on one
of
their machines. However, one of the two messages is still coming up.

The first message: "Security Warning: Unsafe expressions are not blocked.
....
...."
This message still appears.

The second message: ".....This file may not be safe if it contains code
that
is intended to harm your computer...."
This message is now gone.

I'm unclear on why the first message didn't disappear as well after the
self-
signed certificate was installed.

Macro security is set to medium.

Thanks.

Hi.

I guess this means that I'll need to convert to A2003 format if I want
to
create a .mde file that can use digital signatures.

Yes.

No one has adminstration rights on their computers, executables
cannot be installed and zip files won't make it through the e-mail
system.

It means that they've been hit hard with Windows security problems and
irresponsible users, and found out it cost them dearly. Send only zipped
files that have been virus-checked and the file name extension changed to
one that isn't blocked, such as .Nut.

I'm wondering about getting a digital certificate from Verisign or
Thawte.
I
don't even know if I'll be able to install it on their computers, and
I'd
prefer not to blow a few hundred bucks.

It's unlikely that you'll be able to install the certificates without the
cooperation of their IT department, i.e., one of their IT guys logging
into
each computer and installing the certificate for you.

Could I test this out by trying to import a self certificate authority.

Yes. However, SelfCert digital certificates will only work for medium
level
Macro Security, not high level.

I
tried this with one of my own computers and the import said it worked
fine,
but I couldn't find the CA anywhere for use. I probably don't know
what
I'm
doing.

Perhaps the following article for installing a SelfCert digital
certificate
on multiple computers for Word documents will give you some clues:

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Thanks, Gunny:

[quoted text clipped - 90 lines]
mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

[rdemyan via AccessMonster.com]

If I self-sign my app, then every time there is an update, the user will have
to go through the whole deal of getting the self-signature to work.

What happens if I get a certificate through a valid third-party (Verisign,
etc), when I send out an update to my app. Also, if the certificate expires,
then I suppose that users will have a message pop up every time they open the
app, just like one does on internet websites where a certificate has expired.

Thanks.

Oh, yeah. I forgot to mention that the user might voluntarily choose to
block potentially unsafe expressions again if he gets the prompt when he's
not running your digitally signed database file, in order to get rid of
these annoying prompts. He can't win.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Hi.

[quoted text clipped - 120 lines]

 

['69 Camaro]

Hi.

If I self-sign my app, then every time there is an update, the user will
have
to go through the whole deal of getting the self-signature to work.

Unless you're creating a whole new SelfCert digital certificate for each new
version of your application, then signing any Access 2003 database
application file with your specific digital signature will be accepted on
any computer with Access 2003 installed that has that digital signature as
"trusted" and the Macro Security set to Low or Medium.

What happens if I get a certificate through a valid third-party (Verisign,
etc), when I send out an update to my app.

As long as the user has "trusted" that digital signature, the user can open
the database file in Access 2003 without the warning prompt.

Also, if the certificate expires,
then I suppose that users will have a message pop up every time they open
the
app, just like one does on internet websites where a certificate has
expired.

How else is Verisign going to get repeat customers? ;-)

Actually, I don't think the user will get the same pop-up message advising
that the digital certificate has expired. I think the user will see the
same messages that are shown when an Access database file hasn't been
digitally signed when the Macro Security level is set to Medium or High. In
other words, there's no valid digital signature on the file, so the user is
warned when opening the file when the Macro Security level is not set to
Low.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

If I self-sign my app, then every time there is an update, the user will
have
to go through the whole deal of getting the self-signature to work.

What happens if I get a certificate through a valid third-party (Verisign,
etc), when I send out an update to my app. Also, if the certificate
expires,
then I suppose that users will have a message pop up every time they open
the
app, just like one does on internet websites where a certificate has
expired.

Thanks.

Oh, yeah. I forgot to mention that the user might voluntarily choose to
block potentially unsafe expressions again if he gets the prompt when he's
not running your digitally signed database file, in order to get rid of
these annoying prompts. He can't win.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Hi.

[quoted text clipped - 120 lines]

mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?

 

[rdemyan via AccessMonster.com]

Hi Gunny:

I just purchased and installed a Thawte certificate. I signed my code and
was able to open my application even with the security setting equal to High.
The certificate I purchased is for one year.

I then set my PC clock ahead by two years and reopened my app. This causes a
Security Warning to appear. It says that the file has been digitally signed
by 'XXXXX'. It also says:

"A certificate (signing or issuer) has expired".

However, in speaking with Thawte, if when the code is signed it is also
timestamped, then this message will not appear after certificate expiration
(as long as the code has not been changed). I tested this as well and sure
enough the Security Warning did not appear when I signed and timestamped my
code and set the PC clock ahead by 2 years.

Getting the signing process to timestamp the VBA code is not trivial. It
requires registry changes (at least with Thawte certificates). Thawte uses
the verisign server to do the timestamping.

Just thought I would share my experiences.

Hi.

If I self-sign my app, then every time there is an update, the user will
have
to go through the whole deal of getting the self-signature to work.

Unless you're creating a whole new SelfCert digital certificate for each new
version of your application, then signing any Access 2003 database
application file with your specific digital signature will be accepted on
any computer with Access 2003 installed that has that digital signature as
"trusted" and the Macro Security set to Low or Medium.

What happens if I get a certificate through a valid third-party (Verisign,
etc), when I send out an update to my app.

As long as the user has "trusted" that digital signature, the user can open
the database file in Access 2003 without the warning prompt.

Also, if the certificate expires,
then I suppose that users will have a message pop up every time they open
the
app, just like one does on internet websites where a certificate has
expired.

How else is Verisign going to get repeat customers? ;-)

Actually, I don't think the user will get the same pop-up message advising
that the digital certificate has expired. I think the user will see the
same messages that are shown when an Access database file hasn't been
digitally signed when the Macro Security level is set to Medium or High. In
other words, there's no valid digital signature on the file, so the user is
warned when opening the file when the Macro Security level is not set to
Low.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

If I self-sign my app, then every time there is an update, the user will
have

[quoted text clipped - 28 lines]

 

['69 Camaro]

Hi.

Just thought I would share my experiences.

Excellent. Thanks for sharing this information so that others may benefit,
too.

Getting the signing process to timestamp the VBA code is not trivial. It
requires registry changes (at least with Thawte certificates). Thawte
uses
the verisign server to do the timestamping.

Of which one new Windows Registry key I suspect is this one:

HKEY_Current_User\Software\Microsoft\VBA\Security\TimeStampURL

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

Hi Gunny:

I just purchased and installed a Thawte certificate. I signed my code and
was able to open my application even with the security setting equal to
High.
The certificate I purchased is for one year.

I then set my PC clock ahead by two years and reopened my app. This
causes a
Security Warning to appear. It says that the file has been digitally
signed
by 'XXXXX'. It also says:

"A certificate (signing or issuer) has expired".

However, in speaking with Thawte, if when the code is signed it is also
timestamped, then this message will not appear after certificate
expiration
(as long as the code has not been changed). I tested this as well and
sure
enough the Security Warning did not appear when I signed and timestamped
my
code and set the PC clock ahead by 2 years.

Getting the signing process to timestamp the VBA code is not trivial. It
requires registry changes (at least with Thawte certificates). Thawte
uses
the verisign server to do the timestamping.

Just thought I would share my experiences.

Hi.

If I self-sign my app, then every time there is an update, the user will
have
to go through the whole deal of getting the self-signature to work.

Unless you're creating a whole new SelfCert digital certificate for each
new
version of your application, then signing any Access 2003 database
application file with your specific digital signature will be accepted on
any computer with Access 2003 installed that has that digital signature as
"trusted" and the Macro Security set to Low or Medium.

What happens if I get a certificate through a valid third-party
(Verisign,
etc), when I send out an update to my app.

As long as the user has "trusted" that digital signature, the user can
open
the database file in Access 2003 without the warning prompt.

Also, if the certificate expires,
then I suppose that users will have a message pop up every time they
open
the
app, just like one does on internet websites where a certificate has
expired.

How else is Verisign going to get repeat customers? ;-)

Actually, I don't think the user will get the same pop-up message advising
that the digital certificate has expired. I think the user will see the
same messages that are shown when an Access database file hasn't been
digitally signed when the Macro Security level is set to Medium or High.
In
other words, there's no valid digital signature on the file, so the user
is
warned when opening the file when the Macro Security level is not set to
Low.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

If I self-sign my app, then every time there is an update, the user will
have

[quoted text clipped - 28 lines]

mde?
Is this a problem with an A2003 mde. I certainly hope not!!!?