A digital certificate is used to sign a macro; the macro then has a digital signature attached to it.
You may remember exactly what certificates, signatures, and publishers are; if not, here's a quick reminder:
- A digital certificate is an electronic identity card that creates digital signatures and vouches authenticity.
- A digital signature is an electronic, encryption-based, secure stamp on a macro. The signature confirms that the macro originated from the signer and has not been altered.
- A trusted publisher is a certificate issuer whom you have chosen to trust and whose certificate details you have added to your store of trusted publishers.
- An authenticated certificate is a certificate that has been issued by a certificate authority. By definition, a self-signed certificate cannot be authenticated.
At the High macro security level, only macros from trusted publishers will run. So not only do you need a macro self-signed with your own digital certificate; you also have to trust the writer of the macro (yourself) and add the certificate to your personal store of trusted publishers.
But if anyone can install a self-signed certificate, how do you know which one to trust? Imagine if someone created a self-signed certificate with your name on it — how would you know to avoid it? The answer is that you need to verify the certificate. Learn how this works next.