Signing an XLL

Last Updated on Monday, 24 August 2009 19:07 Written by Administrator Monday, 24 August 2009 18:59

Load your XLL without receiving the 'There is no digital signature available' warning.

Excel will show a warning dialogue every time you attempt to load an unsigned XLL. Clicking on 'Enable this add-in for this session only' can get tiresome after a while, especially when it's an XLL that you're loading every day.

I wanted to stop my clients seeing this warning when loading an add-in I had built for them, but I found specific information on the subject hard to find. The following is what I found, and hopefully it will provide a starting point for you.

Quick caveat - Windows security is a very big and very important subject. Consult a professional before making any changes to your security settings.

The first step is to create yourself a certificate. There's some resources on certificate creation on MSDN. I used the following command:

makecert -r -pe -n "CN=Technicana" -b 01/01/2005 -e 01/01/2010 -sky exchange -ss my

The next step is to sign your binary file with the certificate. I used the following command with the /a switch, which finds the 'best' certificate to use. This did the job for me - further information can be found on MSDN's SignTool page.

signtool sign /a MyFile.exe

Once now that your XLL is signed, run 'certmgr' to access the certificate manager. You should find your certificate on the first tab. I found the easiest thing to do was export the certificate as a .cer file, then go to the Trusted Publishers tab and re-import the certificate there.

So long as you haven't set your Excel security settings to be very stringent, when you load your XLL, Excel will now recognise it as coming from a Trusted Publisher and load it without querying the user.