# Macro security and signing of VBA-projects/-modules

# Create a valid digital self-signed certificate SELFCERT.EXE

To run macros and maintain the security Office applications provide against malicious code, it is necessary to digitally sign the VBAProject.OTM from the VBA editor > Tools > Digital Signature.

enter image description here (opens new window)

Office comes with a utility to create a self-signed digital certificate that you can employ on the PC to sign your projects.

This utility SELFCERT.EXE is in the Office program folder,

Click on Digital Certificate for VBA Projects to open the certificate wizard.

In the dialog enter a suitable name for the certificate and click OK.

enter image description here (opens new window)

If all goes well you will see a confirmation:

enter image description here (opens new window)

You can now close the SELFCERT wizard and turn your attention to the certificate you have created.

If you try to employ the certificate you have just created and you check its properties

enter image description here (opens new window)

enter image description here (opens new window)

You will see that the certificate is not trusted and the reason is indicated in the dialog.

The certificate has been created in the Current User > Personal > Certificates store. It needs to go in Local Computer > Trusted Root Certificate Authorities > Certificates store, so you need to export from the former and import to the latter.

Pressing the Windows Key+R which will open the 'Run' Window. then Enter 'mmc' in the window as shown below and click 'OK '.

enter image description here (opens new window)

The Microsoft Management Console will open and look like the following.

enter image description here (opens new window)

From the File menu, select Add/Remove Snap-in... Then from the ensuing dialog, double click Certificates and then click OK

enter image description here (opens new window)

Expand the dropdown in the left window for Certificates - Current User' and select certificates as shown below. The center panel will then show the certificates in that location, which will include the certificate you created earlier:

enter image description here (opens new window)

Right click the certificate and select All Tasks > Export:

enter image description here (opens new window)

Export Wizard

enter image description here (opens new window)

Click Next

enter image description here (opens new window)

the Only one pre-selected option will be available, so click 'Next' again:

enter image description here (opens new window)

The top item will already be pre-selected. Click Next again and choose a name and location to save the exported certificate.

enter image description here (opens new window)

Click Next again to save the certificate

Once focus is returned to the Management Console.

Expand the Certificates menu and from the Trusted Root Certification Authorities menu, select Certificates.

enter image description here (opens new window)

Right click. Select All Tasks and Import

enter image description here (opens new window)

enter image description here (opens new window)

Click next and Save to the Trusted Root Certification Authorities store:

enter image description here (opens new window)

Then Next > Finish, now close the Console.

If you now use the certificate and check its properties, you will see that it is a trusted certificate and you can use it to sign your project:

enter image description here (opens new window)