I have a tricky issue, I'm trying to install a certificate to sign a VBA file. I've purchased a third party certificate and followed the instructions here to install it and sign my VBA file with it. However, I'm getting the following error when I try to use my certificate:
(I believe) This is because, even though I've been able to install my new certificate through MMC in both my user account and local computer under the "Personal" folder, I haven't yet been able to install my certificate through IE.
When I attempt to install my new certificate (SPC file) in IE, I'm able to select it in the Import Wizard, and specify all settings correctly, however when I finish the wizard:
And I receive the "Success" message, the certificates are not imported, in fact I see no change in the "Personal" screen. This is in stark contrast to the behavior that I see in MMC, where I repeat the same steps and after completing the wizard, the two certificates in my SPC are installed without issue.
I've tried restarting, importing the certificates basically everywhere in MMC, but I cannot get these certificates to install in IE and consequentially I cannot sign my VBA files.
Update 1
I've got my certificate to show up under "Other People" now, can't remove it or move it though, and I still get the same error in VBA when trying to sign my file with it, does my cert need to be in the "Personal" folder, or can one sign a VBA file with a cert in the "Other People" folder?
I wonder what criteria excel uses to determine if a particular cert is one that can be used to sign a file. So far I have not found any documentation on this. I have found a old post on conflicting versions. That could be the issue I suppose, but I'm not sure what aspect or version excel is looking for...
Update 2
I was issued a SPC file, (hypothesis) I believe I need to sign the file with the following instructions before I can use it. That, is considerably harder than it first seems. Seems my files "private key" is marked as non-exportable:
Export-PfxCertificate : Cannot export non-exportable private key.
I wonder why my third party cert authority provided me with a cert formatted in this manner. Seems I'm not the only one confused my this cert business either. Lots of discussion on the internet about this sort of thing, just not allot of particularity useful instructions on how to do it. I really hope I don't have to proceed down this path.
I reran through the entire process, including regenerating my CSR file with the "Marked private key exportable", for some reason the second time around the key on my newly provided cert was now marked exportable, I was able to export it into a PFX, install that, and then sign my VBA file without issue.