Without signing VBA Macros users are left with scary warnings before running code and/or lowering Microsoft Office Trust Center Settings.
The breakdown of how each Office Program has varied for me, for instance:
- With Excel, I can leave Macro settings at default (Do Not Run), but still install XLAM Add-Ins in XLSTART and they run without issue, excel has the best Macro distribution system
- With Word, I can leave the Macro settings at default (Do Not Run), and users get a warning and have to enable Macros. The biggest issue with this is having users get used to just blindly hitting "Enable".
- With Outlook, this is the worst. Macro's will just not run with default settings and no notification (Only Run from Signed). This is what lead me down this path. You have two options with outlook, lower security settings in trust center or sign code.
You have two options for signing certs, creating your own cert and importing into Cert Store or purchasing a verified Code Signing Certificate from a Cert Auth.
Self Signing Certs:
SelfCert.exe: (Note: This is the simplest method, but doesn't create a key that is shareable with other computers/users etc)
Run SelfCert.exe and enter a Cert Name. Your computer now has a Self Signed Cert in the Personal Store and you can move on to 'Signing Projects'.
If you want, you can export your key from the Personal Store and import into the Trusted Root to make it trusted, but it will not be shareable with other computers still. See http://www.gmayor.com/create_and_employ_a_digital_cert.htm. Basically just use MMC CertMGR Snap-In to Export from Personal Store and import in Trusted Root.
Manually Creating Certificate: (Note: This has the benefit of created an exportable Private Key so this Cert can be shared between computers, you can even use Group Policy to push the cert to Trusted Root to Domain Computers)
Using PowerShell and New-SelfSignedCertificate:
Now use MMC + CertMGR to export/import etc.
Note: MakeCert is deprecated. To create self-signed certificates, use the Powershell Cmdlet New-SelfSignedCertificate.
The following commands can be used to create a PFX file (PKCS #12) that contains the a self-signed certificate together with the associated private key:
Using a Signed Cert from a Cert Auth:
- Basically once you get the cert, it's the same as any method below to import.
Using CertUtil via CMD to import Keys:
Using Batch & PowerShell to Import Keys: ***PREFERRED***
Open VBA Editor and go Tools → Digital Signature
Choose → OK
Note: There is a bit of a glitch when implement the Cert → https://stackoverflow.com/questions/30619881/microsoft-outlook-2013-error-verify-vba-project-signature/47380003#47380003
You need to go File → Save FROM WITHIN THE VBA EDITOR!
Now exit the VBA Editor and Microsoft Office Application
Re-Open Microsoft Office Application and run Macro, you may see a warning about the publisher not being authenticated. Hit "Trust all documents from this publisher" and run Macro.
You should not get any warning anymore. See links for more detailed information.