469,126 Members | 1,292 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,126 developers. It's quick & easy.

Digital Signature fails when file extension is not .mdb

We are using some Access databases in v2003 format where the file extension is not the default .mdb. We've customized the extension and have registered that with Access so it will open when double-clicked. However, whenever I try to digitally sign the file the VBA editor fails with the message:
"There was a problem with the digital certificate. The VBA project could not be signed. The signature will be discarded."

However, there is nothing wrong with the digital cert because I can use it within my enterprise to sign everything else from email to other VBA projects. It only fails with when the file is a custom extension. If I rename the exact same file to .mdb it'll work.

Anyone know why this happens? And more importantly, is there anyway around it?
Dec 3 '12 #1
5 2652
NeoPa
32,161 Expert Mod 16PB
I don't. Very interesting point.

I have used certs extensively myself (See Code Signing), but never with alternative extensions.

Why not try developing the db as an MDB but converting to the new extension at the point of release to the users?
Dec 3 '12 #2
Thanks for the reply. We've actually already done what you suggested. The file is developed using .mdb, then saved as a different extension when it goes out to users. So when we go to sign right before distribution it'll fail to sign. I can even sign it successfully while it's still an .mdb, then rename the extension. But when you open it while it's got the other extension Access completely ignores the signature and pretends like it isn't even there (i.e. prompt for enable macros). If the user renames the signed file back to .mdb, then the signature "magically" starts working again.

Very strange and definitely unexpected behavior. Makes me think that the external libraries that MS Office is using to digitally sign and verify signatures are somehow coded to only look at file extensions rather than actual file types.

I suspect it'll be quite difficult or impossible to fix or work around but wanted to ask other more seasoned experts before we decided what action to take.
Dec 3 '12 #3
NeoPa
32,161 Expert Mod 16PB
Argonautical:
I can even sign it successfully while it's still an .mdb, then rename the extension.
I'm glad you got to that bit Argo, as that was my suggestion. It was worth a try, but I must admit I would have been surprised if you hadn't thought of that already somehow.

I think you're right in saying that MS have implemented this poorly. Even with ACCDB files in 2007 and 2010 it's become extraordinarily fiddly and complicated to use signed projects. Not being able to use them at all without the standard extension though, is not very impressive on their part I would suggest.
Dec 4 '12 #4
Thanks again for the input and confirmation. I think we're gonna stop spending time pursuing this specific problem and approach it from another angle.
Dec 4 '12 #5
NeoPa
32,161 Expert Mod 16PB
Seems sensible. Sorry I couldn't help more. It's an area I'd love to see taken up more, but MS have made it so difficult to use that it's a very hard sell on my part.
Dec 5 '12 #6

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

3 posts views Thread by Kim H Madsen | last post: by
reply views Thread by CLarkou | last post: by
1 post views Thread by Marco Moioli | last post: by
reply views Thread by PamelaDV | last post: by
1 post views Thread by Filips Benoit | last post: by
reply views Thread by =?Utf-8?B?S29saW4=?= | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by Mortomer39 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.