Ask a Question

Solution ID : SO4260

Last Modified : 05/02/2018

Error: "The publisher has not been authenticated and therefore could be imitated. Do not trust these credentials." When Verifying a Signed VBA Project

Problem

The following possible errors occur when verifying a signed VBA project:

Error: "The publisher has not been authenticated and therefore could be imitated. Do not trust these credentials."

Error: "Windows does not have enough information to verify this certificate"

Cause

The Microsoft Office and the code signing certificate were picked up on one machine then exported and imported to a second machine and when the export was done, the Intermediate CA certificate was not included.  The export function creates a .pfx file.  If this .pfx file does not include the Thawte Code Signing CA chaining certificates, all files signed on the second machine will have a malformed digital signature that will not be able to be verified.

Solution

Using the proper export process will allow developers to correctly sign VBA projects from machines other than the one used to do the original enrollment and pick up of the Microsoft Office and VBA Code Signing certificate

Perform the following steps to export the Microsoft Office and VBA Code Signing certificate:

  1. Open Internet Explorer

  2. Click Tools > Internet Options > Content > Certificates

  3. Under Personal tab, select the Digital ID
     
  4. Click Export

  5. A wizard appears, click Next

  6. Select Yes, Export the private key > Next

  7. Select Include all certificates in the certificates path if possible

    NOTE:  This option will ensure that the Intermediate CA chaining certificates are included in the exported .pfx file that will be created.
  8. Uncheck  Enable Strong Encryption

  9. Click Next

  10. Enter a password (Alphanumeric password containing no more than 10 characters to protect this certificate while it is being moved)
     
  11. Click Next

  12. Enter a file name and a location to save the exported file (i.e. mydigitalid.pfx)
     
  13. Click Finish

  14. Save the .pfx file to a safe location such as a removable media or a networked drive
     
  15. Import this .pfx file onto the second machine.  Files signed on this second machine will now have a signature block that contains the Intermediate Code Signing CA.  These files should now be trusted by verifying machines.