Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Join Computer forums Today

Thread Tools Search this Thread Display Modes
Old 10-01-2008, 11:04 AM   #1
Solid State Member
Join Date: Jun 2008
Posts: 13
Default MS Certification Authority Question

I need help with a perplexing problem. What we have done here at my company is created a slew of MS Word Docs with macros including VBA code, they are to be used by one particular department. We want to keep the macro security set to high on the client PC's so therefore we need to sign the macros with digital certificates. Here is the problem, we DO NOT want to purchase certificates from a third party, nor do we want to use "selfcert". We have been able to create certs and sign the macros, then install the cert on the client pc enabling the end user to use the macro without a macro security dialog box popping up. The snag is that once a cert is created it can only be used to sign the macro by one developer, as the private key gets installed on his pc. If another developer wants to sign a macro he needs to create a seperate cert. This poses a problem for the end user as they have to install multiple certs. How can we issue one cert that can be used by multiple developers, or one developer on multiple machines, so the end users only have one cert to install on the client pc's?

cloksin is offline   Reply With Quote
Old 10-02-2008, 10:07 AM   #2
Site Team
root's Avatar
Join Date: Mar 2004
Posts: 7,872
Default Re: MS Certification Authority Question

hmmm... an interesting problem, that I think sadly has no answer.

certs are signed to say that the issuing authority, (the computer) is secure, not that the development team are secure...

the only things that I can suggest are.
use multiple certs and install the certificates on the departments PCs using group policies so that take a lot of the work out of it.

or finish all the documents /macros etc with a build machine, then it's only that one machine that will need to have a certificate.

this works well with most software development teams as there is usually a 'head' coder/team leader who will quality check the code or compile final executables etc anyway.

I'm assuming that all your code is tested before it's delivered, so you could make signing the code a final step of your test process, i.e functionality is signed off and then the documents are signed on a single test machine or something.
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT -5. The time now is 12:10 AM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0