Macros within Microsoft Office must be signed with a code signing certificate for security purposes. If you need to sign macros, submit a support request to IT Security. If the request is approved, you will be asked to refresh your user profile by either logging out and back in or restarting your computer. You can then proceed to configure a certificate with the following steps. Please contact IT Security (it-security@mst.edu) if you run into any issues or have any questions.
To create a certificate, follow the Certificate Enrollment process in part 1. To use the certificate in Microsoft Office, it must be installed as a trusted publisher as described in part 2. If it is necessary to export the certificate, follow the steps in part 3.
1. Certificate Enrollment
Enrolling a certificate is achieved in the Manage User Certificates utility included with Windows.
- From the Start Menu, search for the utility by name (“Manage user certificates”) and open it.
- Once the utility opens you will see a list of certificate stores beneath “Certificates – Current User” in the left column
- Double click on the “Personal” folder or click to expand the folder
- Right-click on the “Certificates” folder beneath the “Personal” folder. In the menu that appears move over “All Tasks” and select “Request New Certificate…”
- A new dialog window will appear to begin certificate enrollment
- In the initial “Before you begin” dialog click “Next” to continue
- You will be prompted to select a certificate enrollment policy. Make sure “Active Directory Enrollment Policy” is highlighted and click “Next”
- In the resultant dialog check the box next to “UMS-IT – Code Signing” and click “Enroll”
A new code signing certificate will be installed in the “Certificates” folder beneath the “Personal” folder. You can confirm the installation by finding a certificate that is “Issued To” your SSO and has “Code Signing” listed under “Intended Purposes”.
2. Trusted Publishers Installation
For the certificate to be used by Microsoft Office, it must be installed as a Trusted Publisher. To do so, locate it in the Manage User Certificates utility, copy it, and paste it under the Trusted Publishers certificate store.
- Start “Manage User Certificates”
- Open “Personal” folder in the left side bar
- Select “Certificates” folder beneath the “Personal” folder
- Find the issued certificate in the list
- Right-click on the certificate and choose “Copy”
- Open the “Trusted Publishers” folder in the left side bar
- Right-click on the “Certificates” folder beneath it and choose “Paste”
Your certificate should now be available for signing macros in Microsoft Office applications.
3. Exporting Your Certificate
In some cases you may need to export your code signing certificate. This might be to share it with others or provide it to an IT Pro for group policy publication. To export your certificate start the Certificate Export Wizard dialog for it within the Manage User Certificates utility.
- Start “Manage User Certificates”
- Open “Personal” folder in the left side bar
- Select “Certificates” folder beneath it
- Find the issued certificate in the list
- Right-click on the certificate and mouse over the “All Tasks” option
- In the disclosed menu select “Export…” to open the Certificate Export Wizard dialog
In the Certificate Export Wizard dialog, make sure that the private key is not included and export as “DER encoded binary X.509 (.CER)”.
- In the welcome dialog click “Next”
- Make sure that the option “No, do not export the private key” is selected, click “Next”
- Choose the “DER encoded binary X.509 (.CER)” format, click “Next”
- Click the “Browse…” button to open a dialog to select where to export the certificate to, click “Save”
- In the wizard, click “Next”
- Review the selections shown in the wizard; if they are as desired, click “Finish”
If the export is successful a dialog box will appear indicating so.
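When exporting a certificate, do not include the private key. Others only need the public certificate to trust macros you have signed; anyone who holds the private key can sign macros as you.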
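The checks in parts 1 to 3 can also be run from PowerShell. The script below is an added example, not part of the original instructions: it confirms the enrolled certificate, confirms it is present in Trusted Publishers (adding the public certificate if it is missing), exports it as a DER .CER file, and verifies that the exported file carries no private key. The export path is an assumption; change it to suit.

```powershell
# Added example, current-user stores only. $ExportPath is an assumed location.
$ExportPath = Join-Path $env:USERPROFILE 'Documents\macro-signing-public.cer'
$X509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

# Part 1: find a currently valid code signing certificate with a private key
# in the Personal store (Cert:\CurrentUser\My). The newest one is used.
$now = Get-Date
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No valid code signing certificate found in the Personal store.' }

# Part 2: make sure the same certificate is in Trusted Publishers.
$inTrusted = Get-ChildItem Cert:\CurrentUser\TrustedPublisher |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $inTrusted) {
    # Rebuild the certificate from RawData so only the public part is added.
    $public = $X509::new($cert.RawData)
    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new('TrustedPublisher', 'CurrentUser')
    $store.Open('ReadWrite')
    try { $store.Add($public) } finally { $store.Close() }
}

# Part 3: export as DER (.CER). Export-Certificate writes the certificate only,
# never the private key.
Export-Certificate -Cert $cert -FilePath $ExportPath -Type CERT | Out-Null

# Verify the exported file: same certificate, no private key attached.
$exported = $X509::new($ExportPath)
if ($exported.HasPrivateKey -or $exported.Thumbprint -ne $cert.Thumbprint) {
    Remove-Item $ExportPath
    throw 'Exported file failed verification and was deleted.'
}

# Summary for the record or for a support request.
[pscustomobject]@{
    Subject            = $cert.Subject
    Thumbprint         = $cert.Thumbprint
    Expires            = $cert.NotAfter
    InTrustedPublisher = $true
    ExportedTo         = $ExportPath
    ExportHasKey       = $exported.HasPrivateKey
}
```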