How to sign my Excel file using Azure's Trusted Signature?

Nick 0 Reputation points
2025-01-08T23:38:41.2466667+00:00

Hi everyone,

Need some help because online articles don't make any sense to me. Basically, I'm trying to sign my Excel files using a code signing certificate. After some research online, I've decided to go with Microsoft Azure's trusted signature.

I've followed all of the steps described on the following page (i.e. register the trusted signing resource provider, create a trusted signing account, create an identity validation request which got validated, create a certificate profile):

https://learn.microsoft.com/en-us/azure/trusted-signing/quickstart?tabs=registerrp-portal%2Caccount-portal%2Corgvalidation%2Ccertificateprofile-portal%2Cdeleteresources-portal

And now I'm lost. How do I use the certificate profile I created to sign my Excel spreadsheets? I tried following other tutorials about Windows SDK, SignTool, etc. but I'm completely lost.

In Excel, there's an option to "add a digital signature" directly in the app (under the "Protect Workbook" menu) and I thought I would be able to use that to sign my files, but my signature doesn't appear there as an option. So how do I bridge between Azure's certificate and my computer / file?

Thanks!


2 answers

  1. Vinodh247 29,701 Reputation points MVP
    2025-01-09T00:57:51.84+00:00

    Hi,

    Thanks for reaching out to Microsoft Q&A.

    To sign an Excel file with a certificate that “lives” in Azure, the easiest path (if policy permits) is:

    1. Export the code-signing certificate (.pfx) from Azure.
    2. Import it to your local Windows certificate store.
    3. Use Excel’s built-in signing feature to add the signature.

    If that export step is blocked by security policy, you’ll have to resort to a remote signing process, which is not natively supported by Excel’s built-in UI and requires a more complex approach.

    1. Most common route: Export (or generate) the certificate from Azure, store it locally, then use Excel’s built-in “Add Digital Signature” functionality.
    2. If export of the private key is restricted, you’ll need a custom signing workflow where a tool communicates with Azure to sign the file. This isn’t straightforward for Office documents, and most of the Microsoft documentation for Azure Trusted Signing focuses on executables/scripts rather than Word/Excel docs.

    The key point is that Azure holds your signing certificate and private key in the cloud, while Excel’s built-in “Add a digital signature” function expects a locally installed certificate (usually in the Windows certificate store).

    • Azure Trusted Signing is primarily designed for code-signing workflows, especially executables or scripts, while keeping your private key secure in Azure.
    • Excel’s “Add Digital Signature” feature expects a certificate in your personal certificate store on your Windows machine.

    If the private key is only stored in Azure (i.e., you never exported a PFX to your local machine), Excel won’t see that certificate.

    Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.
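
The answer above turns on whether a certificate with its private key is present in the local personal store. The following PowerShell check is an added example, not part of either answer or of Microsoft's documentation; it lists what is in `Cert:\CurrentUser\My`, and the choice of columns is this example's assumption about what is worth inspecting.

```powershell
# Added example: inventory the current user's Personal certificate store and
# report, per certificate, whether a private key is available locally.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # OID of the Code Signing enhanced key usage
$now = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Locate the Enhanced Key Usage extension, if the certificate has one.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }

    if ($ekuExt) {
        $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $codeSigning = if ($oids -contains $codeSigningOid) { 'yes' } else { 'no' }
    }
    else {
        # No EKU extension: the certificate does not restrict its usages.
        $codeSigning = 'unrestricted'
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey   # False: public certificate only, key lives elsewhere
        CodeSigning   = $codeSigning
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        NotAfter      = $cert.NotAfter
    }
} | Sort-Object -Property HasPrivateKey -Descending | Format-Table -AutoSize
```

An empty table, or rows where `HasPrivateKey` is `False`, matches the situation described in the question: the key is held in Azure and nothing usable for signing is installed locally.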


  2. Mirko T 0 Reputation points
    2025-03-11T18:44:32.66+00:00

    It is already possible to sign xlsm/... files with AzureSignTool. The solution is here (comments at the bottom):
    https://github.com/vcsjones/AzureSignTool/issues/126
