Digital Code Signing For Testing Purposes [Office 2003 SDK Documentation]

In most organizations, the private key used for signing an unmanaged component is accessible only to authorized employees. In most cases, software developers do not belong to this category. However, they would still need to test the software with it signed. This can be achieved using testing certificates. For details on how to create and sign using test certificates, the "Digital Code Signing Step-by-Step Guide" and "Code Signing Office XP Visual Basic® for Applications Macro Projects" articles on the MSDN Office Developer Center Web site has detailed step-by-step instructions and explanations on how to do this.

If you are not ready to sign using a valid certificate as you are still testing, you can use a test certificate. The "Digital Code Signing Step-by-Step Guide" on the MSDN Office Developer Center Web site demonstrates and discusses in detail how to use the Authenticode® tools for signing. For public distribution, you will need to purchase a valid certificate from a Certification Authority (CA).

Test certificates should be used for testing purposes only. They should not be used to sign code files that will be publicly distributed. Since the certificates are not issued by a Certification Authority (CA) whose root certificate is already trusted on a user's machine, the test certificate will not validate correctly on the user's machine. Independent software vendors can obtain valid certificates from VeriSign, GTE, or other certification authorities to digitally sign code files that will be distributed to the public. The "Frequently Asked Questions About Authenticode" on the MSDN Web site has more information on how to do this.