About Digital Signature

[Pocket von Tilo Wolff# ++]

Hi, two questions

I have a "Code Signing" type certificate I bought at Verisign

The "Code Signing" type certificates can be updated without requesting a
brand new one?

If it can be done, does my code (some Word's macros) recognize the new
certificate or it is necessary to specify the certificate again?



Thanks

 

[Lars-Eric Gisslén]

Wolff,

I hope you bought the VBA/Office signing certificate. If you recieved two
files, *.SPC and *.PWK then you have got the code signing certificate for
EXE, DLL, CAT, CAB, ... files

If you have got the correct certificate you can renew the certificate using
your order number and Verisign will inform about one month before it's time
to renew the certificate. You will however get a new certificate but with
the same credentials as the old one. The old certificate has expired,
litterally, and a new certificate has to be issued. This is a very simple
process and nothing to worry about.

Your macros will not recognize any signing but Word 2000 (and later) will.
What is of interest is how the computers running your documents with signed
macros will react on new documents signed with a renewed certificate. That
is no problem. If the users has accepted to allways trust signed macros with
your old certificate your new certificate will also be accepted so the user
will not notice that you have renewed the certificate. However, if you buy a
new certificate (not renew) then the users has to accept the new
certificate.

What is also very important is that you must timestamp your signing. If you
don't, your clients will get into trouble when the certificate has expired.
To enable timestamping you have to set the registry key:
HKEY_Current_User\Software\Microsoft\VBA\Security\TimeStampURL
to: http://timestamp.verisign.com/scripts/timstamp.dll

Regards,
Lars-Eric

 

[Pocket von Tilo Wolff# ++]

thanX for your help, was very useful

Wolff,

I hope you bought the VBA/Office signing certificate. If you recieved two
files, *.SPC and *.PWK then you have got the code signing certificate for
EXE, DLL, CAT, CAB, ... files

If you have got the correct certificate you can renew the certificate using
your order number and Verisign will inform about one month before it's time
to renew the certificate. You will however get a new certificate but with
the same credentials as the old one. The old certificate has expired,
litterally, and a new certificate has to be issued. This is a very simple
process and nothing to worry about.

Your macros will not recognize any signing but Word 2000 (and later) will.
What is of interest is how the computers running your documents with signed
macros will react on new documents signed with a renewed certificate. That
is no problem. If the users has accepted to allways trust signed macros with
your old certificate your new certificate will also be accepted so the user
will not notice that you have renewed the certificate. However, if you buy a
new certificate (not renew) then the users has to accept the new
certificate.

What is also very important is that you must timestamp your signing. If you
don't, your clients will get into trouble when the certificate has expired.
To enable timestamping you have to set the registry key:
HKEY_Current_User\Software\Microsoft\VBA\Security\TimeStampURL
to: http://timestamp.verisign.com/scripts/timstamp.dll

Regards,
Lars-Eric