Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Note: This article has done its job, and will be retiring soon. To prevent "Page not found" woes, we're removing links we know about. If you've created links to this page, please remove them, and together we'll keep the web connected.

Digital signatures and certificates play a central role in software security. This article describes how to view the information that indicates when digital signatures and associated certificates are invalid.

To learn about digital signatures, see Digital signatures and certificates

In this article

Digital-signature and certificate trustworthiness in Word, Excel, or PowerPoint

Use the following instructions to view certificate data associated with a digital signature to verify trustworthiness.

  1. Open the Word document, Excel spreadsheet, or PowerPoint presentation that has a digital signature.

  2. Double click the signature line.

    Note: If the signature line is not available, click the red Signatures button. The Signatures pane appears. On the signature name, click the down-arrow. Select Signature Details.

    The following image is an example of the Signatures button.

  3. The Signature Details dialog appears.

  4. For more certificate information, click View.

  5. The Certificate dialog appears.

  6. On the General tab, you can identify certificate information:

    • Issued to    To whom this certificate was issued

    • Issued by    What organization issued the certificate

    • Valid from / to    Duration of certificate validity

  7. On the Details tab, you can see details such as:

    • Version

    • Serial number

    • Issuer

    • Subject

    • Public key

  8. On the Certification Path tab, you can identify the certificate root and certificate status.

The following image is an example of the Certificate dialog.

Certificate dialog

Top of Page

How to tell if a digital signature is trustworthy

A trustworthy signature is valid, on the user account, on the computer that states it as valid. If the signature were opened on another computer, or another account, the signature may appear as invalid because that account may not trust the certificate issuer. Also, for a signature to be valid, the cryptographic integrity of the signature must be intact. This means that the signed content was not tampered with, and the signing certificate is not expired or revoked.

Top of Page

Invalid digital signatures

In Word 2010, PowerPoint 2010, and Excel 2010 invalid digital signatures are indicated by red text in the Signatures pane and a red X on the Signature Details dialog. The reasons that a digital signature can become invalid are as follows:

  • The digital signature is corrupt because its content has been tampered with.

  • The certificate was not issued by a trusted certificate authority (CA), For example it might be a self-signed certificate. If this is the case, you must choose to trust an untrusted issuer to make the signature valid again.

  • The certificate used to create the signature has been revoked, and no time stamp is available.

The following image is an example of the Signatures pane with an invalid signature.

View the Digital Signatures dialog

  1. Open the file that contains the digital signature that you want to view.

  2. Click the File tab. The Microsoft Office Backstage view appears.

  3. Click the Info tab, then click View Signatures. The Signatures pane appears.

  4. In the list, on a signature name, click the down-arrow. Select Signature Details.

  5. The Signature Details dialog appears.

The following image is an example of the Signature Details dialog.

Signature Details dialog

When digital signatures are invalid

When digital signatures, and associated certificates, are invalid:

  • Contact the signer, and let them know that there is a problem with the signature.

  • Inform the system administrator in charge of your organization's security infrastructure.

  • We advise that you do not lower your security level settings.

  • You can Add, remove, or view a trusted publisher.

Top of Page

Recoverable-error digital signatures

In Office 2010, there is a new classification category for digital signatures. Other than valid and invalid, in Office 2010 a signature can be a recoverable-error signature, which means that there is something wrong with the signature. But the error may be fixed to make the signature valid again. There are three scenarios for recoverable errors:

  • The veifier is offline (disconnected from the Internet) therefore making it impossible to check certificate-revocation data, or to verify time stamps if they are present.

  • The certificate used to create the signature has expired and no time stamp is available.

  • The root certificate authority who issued the certificate is not trusted.

The following image is an example of the Signatures pane with a recoverable error.

Important: If you experience a recoverable error, contact your system administrator, who may be able to change the signature's state to valid.

Top of Page

Partial digital signatures

In Office 2010, a valid digital signature signs certain parts of a file. However, you can create a signature that signs less than the parts required. This partial signature is cryptographically valid.

Office can read these signatures. However, they are likely not created by an Office program. If you encounter a partial signature and are unsure about how to continue, contact the IT administrator to help determine the origin of the signature.

Top of Page

What is a digital signature?

A digital signature is used to authenticate digital information — such as documents, e-mail messages, and macros — by using computer cryptography. Digital signatures help to establish the following assurances:

  • Authenticity    The digital signature helps to assure that the signer is who they claim to be.

  • Integrity    The digital signature helps to assure that the content has not been changed or tampered with since it was digitally signed.

  • Non-repudiation    The digital signature helps to prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content.

To make these assurances, the content must be digitally signed by the content creator, using a signature that satisfies the following criteria:

  • The digital signature is valid.

  • The certificate associated with the digital signature is current (not expired).

  • The signing person or organization, known as the publisher, is trusted.

  • The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority (CA).

Top of Page

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×