DoneEx

How to Apply Digital Signature to EXE, DLL and Excel VBA Project

This guide explains how to apply a digital signature to EXE, DLL, and Excel workbook’s VBA code to ensure authenticity, trust, as well as protection from tampering.
This guide is for developers as well as advanced Excel users working with DoneEx XCell Compiler and DoneEx VbaCompiler for Excel, who want to securely distribute compiled Excel workbooks.

DoneEx XCell Compiler as well as DoneEx VbaCompiler for Excel create executable (EXEs and DLLs) files as result of the compilation. These files, as much as any other executable files, may be falsely detected as ‘malicious’ by antivirus software. To avoid this situation, we recommend using a digital signature to ensure the file’s source is trustworthy.

 

What is digital signature

A digital signature is a secure electronic equivalent of a handwritten signature or stamp, and a cryptographic proof that identifies the publisher of software or macros and verifies that the file has not been modified since it was signed.

Digital signatures can serve as proof of origin, authenticity, as well as status of electronic documents, transactions, and digital messages.

 

Why digital signatures are required for executable files and VBA macros

When distributing unsigned executables or Excel files, users often encounter warnings such as “Unknown Publisher” or “Potentially unsafe macro.” These alerts reduce trust, trigger antivirus concerns, and may block your software or workbook from running.

By applying a digital signature:

  • You remove “Unknown Publisher” warnings
  • Build user confidence in your software
  • Gain trust from antivirus programs
  • Detect a modification or tampering file content after signing.

This applies equally to both compiled applications (EXE and DLL files) and Excel workbooks containing VBA code.

 

Prerequisites

Before applying a digital signature for Excel files or executables, ensure you have the following:

1.A Valid Code Signing Certificate

Obtain a certificate from trusted providers like:

  • DigiCert
  • Sectigo
  • GlobalSign

You can find more information about digital certificate providers online by searching for “digital certificate authorities” or “digital certificate providers”.

For internal testing, you may create a self-signed certificate using SelfCert.exe

Certificates are usually delivered as .pfx files or stored securely on USB tokens provided by the certificate vendor.

2.Required Tools and Environment

  • Windows system with administrative access
  • Command Prompt or PowerShell
  • SignTool.exe (part of the Windows SDK)

 

How to Sign EXE as well as DLL Files

Digitally signing EXE as well as DLL files built with DoneEx XCell Compiler or VbaCompiler for Excel ensures that your software is trusted by Windows and free from “unknown publisher” warnings.

Step 1: Install the Certificate

If you received a .pfx certificate:

  1. Double-click the file.
  2. Follow the import wizard to install it in Current User → Personal → Certificates.
  3. Verify installation through the Certificates MMC snap-in.

If you use a USB token, simply plug it in — your signing certificate will be accessible through its private key storage automatically.

Step 2: Use SignTool to Apply the Digital Signature

SignTool  is a command-line tool provided by Microsoft as part of the Windows SDK (Software Development Kit)

If you do not have Windows SDK installed on your computer, then you need to download it from the link above and install it on your computer.

Run the SignTool.exe command-line utility as follows.

Example 1: Sign EXE or DLL using a .pfx file

signtool sign /f "C:\certs\mycert.pfx" /p MyPassword /tr http://timestamp.digicert.com /td sha256 /fd sha256 "C:\MyApp\MyApp.exe"

Example 2: Sign using a certificate stored in a USB token

signtool sign /n "Your Company Name" /tr http://timestamp.digicert.com /td sha256 /fd sha256 "C:\MyApp\MyApp.exe"

Parameter explanation:

  • /f — Path to certificate file
  • /p — Password for the private key
  • /n — Certificate subject name (used for token or store-based certificates)
  • /tr — Timestamp server
  • /td – Hashing algorithms for timestamp server.
  • /fd — Hashing algorithm for creating file signature
  • “MyApp.exe” — File to sign

To sign DLL file use the name of DLL file as ‘File to sign’ parameter.

Step 3: Verify the Digital Signature

To confirm your EXE or DLL file has been correctly signed, use:

signtool verify /pa "C:\MyApp\MyApp.exe"

If successful, you’ll see:
“Successfully verified: MyApp.exe”

Also you can verify the digital signature using EXE, DLL file properties.

 

Digital signature in EXE file properties

 

After clicking the ‘Details’ button you can find the digital signature details

 

Digital signature details

How to Apply a Digital Signature for Excel Workbook VBA Code

When distributing Excel workbooks compiled with VbaCompiler for Excel, signing your project proves authenticity and prevents tampering. You need to be sure to apply digital signature after compilation. To do that your need to compile your workbook without ‘Make VBA unviewable’ option, to get access to the VBA project.

Here’s how to apply a digital signature for workbook VBA code.

Step 1: Open the VBA Editor

  1. Open your compiled Excel workbook.
  2. Press Alt + F11 to open the Visual Basic for Applications (VBA) editor.

 

Step 2: Sign the VBA Project

  1. In the VBA Editor, navigate to
    Tools → Digital Signature.
  2. Click Choose then select your digital certificate.
  3. Confirm then click OK.
  4. Save then close your workbook.

This process adds a digital signature for VBA code, ensuring the workbook can be trusted by others who open it.

 

Step 3: Verify the Signature

To verify your digital signature for Excel VBA project:

  • Reopen the workbook.
  • In the VBA Editor, navigate to Tools -> Digital Signature
  • Make sure that the opened window shows “The VBA project is currently signed as”  as well as the certificate name.

    VBA Project digital signature verification

Also you can type the following command in VBA Immediate window:

?ThisWorkbook.VbaSigned
and push “Enter” button.

If the VBA project is signed, then the answer will be ‘True’

VBA project digital signature programmatically verification

Step 4: Distribute the Signed Workbook

When distributing your workbook:

  • Users who trust your certificate will open it without macro security warnings.
  • Others will see your verified publisher name, allowing them to grant trust easily.

 

This further ensures a professional user experience and enhances the credibility of your Excel-based applications.

 

Conclusion

Applying a digital signature—whether for executables or Excel files—is a vital part of secure software distribution.
For DoneEx XCell Compiler as well as VbaCompiler for Excel users, signing ensures that computers recognize your compiled EXE, DLL, or workbook as safe, authentic, as well as tamper-proof.

By following this guide, you’ll:

  • Additionally protect your VBA code and compiled applications
  • Eliminate “Unknown Publisher” warnings
  • Reduce possible false positive antivirus detections
  • Build trust with your users as well as IT departments

A properly applied digital signature for workbook or VBA code not only strengthens your reputation but also delivers a seamless, secure experience for end users.