You can get a certificate from a certification authority. No matter if you choose a governmental institution or a private company it is common to be charged for this service, for example when they certify your identity. Few other authorities issue certificates free of costs, like the Open Source Project CAcert which is based on the well-known and reliable Web of Trust model and is of growing popularity.
If you are using Linux, macOS or Solaris, you must install a recent version of Thunderbird or Firefox. Office will then access their certificate storage.
If you have created different profiles in Thunderbird or Firefox and you want to use certificates from one specific user profile, select the profile in Tools - Options - Security - Certificate Path. Alternatively, you can set the environment variable MOZILLA-CERTIFICATE-FOLDER to point to the folder containing that profile.
Open your web browser’s preferences, select the Advanced section, click on the Certificates tab, and then choose View Certificates. The Certificate Manager dialogue box will appear.
Import your new root certificate, then select and edit the certificate. Enable the root certificate to be trusted at least for web and email access. This ensures that the certificate can sign your documents. You may edit any intermediate certificate in the same way, but it is not mandatory for signing documents.
When you have edited the new certificates, restart Office.
On Windows systems, Office will access the system certificate storage.
Your private key for the digital signature will usually be generated and securely stored by Windows as part of the signature-issuance process. Once the issuing Certificate Authority is satisfied that your computer produced the private key and you have satisfied any other identification requirements, the corresponding public key is signed by the Certificate Authority. For personal keys obtained over the Internet, the private key is generated by your browser and it is not shared with the Certificate Authority.
If a private key is received by other means or you transfer it from another computer, you can install it on your Windows PC by double-clicking on the private key certificate and providing any required password. This private key may be known to others (such as an organisational or governmental security administration) depending on how it was issued to you.
Public keys of other people used to verify document digital signatures, or encrypt documents for their eyes only, are usually stored in your system with digital certificate-management applications. In some cases you will need to manage those public-key certificates yourself.
The general management of public and private keys on your PC will vary depending on the version of Windows you are operating. For more information, use the "Help and Support" topic of your Windows version and search for "digital signature".
Choose File - Digital Signatures - Digital Signatures.
A message box advises you to save the document. Click Yes to save the file.
After saving, you see the Digital Signatures dialog. Click Add to add a public key to the document.
In the Select Certificate dialogue box, select your certificate and click OK.
You see again the Digital Signatures dialogue box, where you can add more certificates if you want. Click OK to add the public key to the saved file.
A signed document shows an icon
in the status bar. You can double-click the icon in the status bar to view the certificate.
The result of the signature validation is displayed in the status bar and within the Digital Signature dialogue box. Several documents and macro signatures can exist inside an ODF document. If there is a problem with one signature, then the validation result of that one signature is assumed for all signatures. That is, if there are ten valid signatures and one invalid signature, then the status bar and the status field in the dialogue box will flag the signature as invalid.
Normally, macros are part of a document. If you sign a document, the macros inside the document are signed automatically. If you want to sign only the macros, but not the document, proceed as follows:
Choose Tools - Macros - Digital Signature.
Apply the signature as described above for documents.
When you open the Basic IDE that contains signed macros, you see an icon in the status bar.
You can double-click the icon in the status bar to view the certificate.