Automate Import of Digital Certificate

[bdmangum]

I'm currently in the process of deploying an office-wide database. I already have a digital certificate applied to the file, which by the way was created in Excel 2003. I'm looking for the most efficient way to automatically trust the digital certificate assosciated with the Excel file. I was considering a batch file which could simply add an entry to the registry, but I'm not certain that is the best approach.

Does anyone know of a good method for automating this process? Basically I'm looking to create a second file which would be the install file for the database. My goal is to have the install setup folders, trust my VBA publisher signature, along iwth a few other things.

 

[WalkerEvans]

Unfortunately, I don't think you can get there from here ... and you shouldn't. The "Always trust macros from bdmangum" that will pop up is a part of the macro security suite, and as far as I know can't be set by an outside program. If this could be done it would be a really neat backdoor into everyone's files; I'm sure a malicious hacker would love it!

Each user is going to have to answer Yes to the "Trust" question the first time they try to open your file. This not only allows them to access your office-wide database, it will prevent them from seeing another pesky message regarding one of your macros ever again.

If you do find a way to program around this you might keep it to yourself, as it would open a major can of worms regarding security.



----------------------------------------------------------------------------------
"A committee is a life form with six or more legs and no brain." -- L. Long

 

[bdmangum]

Thanks for the response! Scary as it is, I managed to create a batch file which automatically trusts my certificate. Per your suggestion, I will keep the code to myself in order to prevent a hacker from using the same method. Any good hacker though should be able to figure it out, as it only took me about twenty minutes of coding once I figured out the way to do it.

The one plus to the method I used to accomplish my task is that the user must intentionally run the install.exe file I created. This is the perfect solution for my problem, since I'm dealing with some people who aren't all that computer savy. Almost everyone knows how to run an install.exe file. Once they run the install.exe file, my certificate is then known as a trusted publisher on that system.

 

[WalkerEvans]

First, I'm glad that you solved your problem, even though it makes me nervous. Honestly, I had hoped that you were going to come back and say that you couldn't do it; then, I was going to try to talk you into using my solution.

The way that I handle this requires that my users do a small amount of work, but even the dimmest of them have managed to "get it". I took a screen shot of the message box that pops up whenever they try to open a document or spreadsheet with code. Next follows a one-at-a-time series of annotated screen shots showing them how to set their system to always recognize my code as "trusted". The slowest (ie, least computer savvy) person in the office got through it in less than 10 minutes, and will never, ever have to deal with it again, as this sets my digital signature as "Always Trusted".

My way is a bit more work, but it does not involve possible security compromise. You did it so quickly and easily others will probably work out how it was accomplished. Unfortunately, there is still no way to put that genie back in the bottle. Hope I'm wrong on this one.



----------------------------------------------------------------------------------
"A committee is a life form with six or more legs and no brain." -- L. Long