By default, Office does not use a timestamping service when signing or validating code. Using a timestamping service usually takes more time than the default digital signing process. To use a timestamping service, Office needs to communicate with a certificate authority's timestamp server over the Internet to complete the action. You cannot timestamp a digital signature unless you are connected to the Internet.
There is no built-in Office user interface to use this option. To have Office use a timestamping service with all future digital signatures, you need to set these registry keys.
The values should be entered under ONE key. Please use the following instructions:
To reduce the likelihood that a malicious user can derive a digital certificate's private key from its public key, a commercially obtained digital certificate expires after one year. Office will not allow you to use an expired certificate to sign macros, and will also warn the end user when a digital signature for a file has expired. The warning appears in the usual Digital Signature security warning and indicates that the certificate is no longer trustworthy. The user can determine whether the certificate has expired by looking in the Details dialog box for the certificate.
To prevent you from having to re-sign your software and Visual Basic for Applications projects every time your certificate expires, some commercial certificate authorities provide a timestamping service. If you use a timestamping service when signing code, a hash of your code is sent to a server to record a timestamp for your code. When a timestamping service has been used, a user's software can distinguish between code signed with an expired certificate, which should not be trusted, and code that was signed with a certificate that was valid at the time of signing but has subsequently expired.
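
The distinction described above can be modelled as a small decision function. This is an added example, not Office's own validation code; the `Signature` type, the verdict strings and the sample dates are constructed, and it assumes the signature hash, certificate chain and timestamp token have already been verified.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Signature:
    # Validity window of the signing certificate (hypothetical fields, not an Office API).
    not_before: datetime
    not_after: datetime
    # Time attested by the timestamping service; None if the signature was not timestamped.
    timestamp: Optional[datetime] = None

def evaluate(sig: Signature, now: datetime) -> str:
    """Return a verdict for a signature whose hash and chain already verified."""
    if sig.timestamp is None:
        # No trusted signing time: only the current time can be compared
        # with the certificate's validity window.
        if now < sig.not_before:
            return "not-yet-valid"
        return "trusted" if now <= sig.not_after else "expired-untrusted"
    if sig.timestamp > now:
        # A timestamp later than the verifier's clock cannot be accepted.
        return "bad-timestamp"
    # Timestamped: what matters is whether the certificate was valid when signed.
    if sig.not_before <= sig.timestamp <= sig.not_after:
        return "trusted"
    return "signed-outside-validity"

# Constructed sample data: a one-year certificate checked five months after expiry.
UTC = timezone.utc
ISSUED = datetime(2023, 1, 1, tzinfo=UTC)
EXPIRES = datetime(2024, 1, 1, tzinfo=UTC)
NOW = datetime(2024, 6, 1, tzinfo=UTC)
SAMPLES = {
    "no timestamp, cert expired": Signature(ISSUED, EXPIRES),
    "timestamped while cert valid": Signature(ISSUED, EXPIRES, datetime(2023, 6, 1, tzinfo=UTC)),
    "timestamped after expiry": Signature(ISSUED, EXPIRES, datetime(2024, 3, 1, tzinfo=UTC)),
}

def run_samples() -> dict:
    return {name: evaluate(sig, NOW) for name, sig in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {verdict}")
```

Only the second sample is trusted: without a timestamp an expired certificate cannot be told apart from one that was already expired at signing time.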