selfcert.exe

[Fred]

We use Excel VBA macros in many of our shared workbooks (numbering in the
thousands). When users have macro security set to High, our macros do not
run because they are not signed. This is a serious problem, especially with
the users. While we have a utility to self certify our macros
(SELFCERT.EXE), it does not help unless all users have us in a list of
trusted sources. We need a way to create and maintain this list of trusted
sources. Any thoughts? Can we do this without a rootCA or purchasing
certificates from say...verisign?


Thanks!

 

[Henry]

Fred,

I don't know the answer for certain, but just think how easy it would be for
a virus to update your list of trusted sources without your knowledge and
wreak all sorts of havoc on your spreadsheets, etc.
I would think, therefore, that the answer is No.

Henry

 

[Guest]

Fred
You should speak to your systems administrators as they could set this up in
group policy - But I bet they wont!

The whole point of security certificates is to authenticate the source of
the code. A malicious user could easily run selfsert as you and forge a cert
in your name. then issue bad code in your name - this would be a bad thing!

You should get a proper cert from verisign or Thawte or whoever (200-400
dollars - cheaper than a virus). One person/machine should have this
installed then this becomes the security signing step in your release cycle.

Self certs should only be used for testing, never for release.

cheers
Simon