[ 출처 : https://answers.sap.com/ ]
As per SAP Note 3247649 , the certificate needs to be installed manually under Trusted Publishers by each user or can be done through group policies. In order to get the certificate you need to at least have any one specific user/system who can export the certificate from the templates present in attachment of SAP Note 1992004 and also make sure the steps are performed in system.
[ 출처 : https://help.sap.com/ ]
1 - SAP SE certificate
- The SAP SE certificate is delivered with the front end installation.
- You can find the SAP SE certificate here:
- MS Excel > Options > Trust Center > Trust Center Settings > Trusted Publishers
- MS Internet Explorer > Internet Options > Content > Certificates > TAB Trusted Publishers
- On the "General" tab , you can check the validity.
- On the "Certification Path" tab ,the path should be displayed as shown in following screenshot and the message
"This certificate is OK" should be shown:
2 - How to remove an expired SAP SE certificate?
- Check folder C:\Program Files (x86)\SAP\Business Explorer\BI you can find the file BExAddin.dll. In the context
menu for this file open the properties and switch to tab "Digital Signatures". You will find the SAP
SE certificate. Press the button "Details" and then button "View Certificate" to see the validity of this
certificate. As long any file has the "SAP SE certificate", irrelevant of the validity date,
you can be assured that the file is a part of SAP certified software. The validity only shows the time period that
SAP can use this certificate to certify a file.
- Now you can find the expired SAP public key in Internet Explorer, Microsoft Edge or Excel Options under Trusted Publisher. The key is updated according to the setting/rules/option maintained in operating system.
- If the validity of this key is expired, you can remove the key following these steps:
- Start Microsoft Edge
- Open More Tools > Internet Options > on TAB Content > press button Certificates.
- Under Trusted Publisher select SAP SE certificate and press button Remove:
3 - How to import the SAP SE certificate manually?
If you cannot find the certificate or you want to replace an expired certificate perform these steps:
- In Microsoft Edge > More Tools > Internet Options > Advanced tab, activate the flag "Check for
publisher's certificate revocation":
- In Excel > Trust Center make sure that the following properties are active:
- Add-ins:
- [x] Require Application Add-ins to be signed by Trusted Publisher:
- Macro Settings according note 1962327:
- (o) Disable all macros except digitally signed macros
- [x] Trust access to the VBA project object model:
- Close Internet Explorer and Excel.
- RESTART THE WORKSTATION
- Confirm the settings are still there on Excel and proceed
- Open folder C:\Program Files (x86)\Common Files\SAP Shared\BW.
- Start BExAnalyzer.xla file.
- MS Excel opens and a MS Excel Security PopUp asks for confirmation:
- Press button 'Trust all from publisher'. This imports the SAP SE certificate under the Trusted Publishers path.
Note:
- Each certificate has a limited validity, it expires on a certain date. A new certificate with updated/extended validity is delivered with the BEx front end patch (see: Current BI ADDON for SAP GUI 760).
- SAP releases the next patch before the old certificate expires, so you just have to install the newest patch to have a valid certificate.
- If the root certificate 'VeriSign Class 3 Code Signing 2010 CA' has been expired, you will have to update it as described in note 711648.
4 - Certificates in workbooks
- A new created workbook which is based on the SAP default workbook is signed and saved with the current installed certificate. So in the workbook a certificate exists with a limited validity.
- When opening an old workbook containing an expired certificate you will receive a warning from Excel stating that the certificate with which the workbook was signed has expired. The warning messages state that the signature is invalid. It is not really a problem since it is just informing you about the status of the workbook. You can still work with the workbook.
- When you save a workbook containing an expired digital certificate Excel automatically removes the invalid certificate from the workbook before saving it.
Note:
- The SAP delivered SAP Default Workbook contains macros. For security reasons this workbook has to be digitally signed so that customers know that the workbook is from SAP and safe to use.
- Workbooks which have been created by the customer do not necessarily require a signature. The customer determines if the workbook should be saved with a digital signature or not. If it is saved with a digital signature then the signature is typically the signature of the customer whom the workbook belongs to.
Here is how you can find the workbook certificate/signature:
- Open the workbook > press Alt+F11 > in MS VB navigate: Tools > Digital Signature
SAP Note 711648 - Macro certificate signature not verified
[ 출처 : https://answers.microsoft.com/ ]
