[Updated Sept. 9, 2016: Added additional links to Microsoft resources and background about impact]
WebADI and Report Manager use Visual Basic for Applications (VBA) macros to integrate with Microsoft Office. All VBA macros must be signed with a valid digital certificate. If the certificate is invalid or expired, new Microsoft Office will display a warning in the Message Bar like this:
Older Office versions may display a standalone security notice like this:
The workarounds for handling these security alerts vary depending upon how the end-user’s desktop is configured or centrally managed via Office group policies. For more information about Microsoft Office macro security handling, see:
- Enable or disable macros in Office files – Office Support (Microsoft.com)
What’s new in this patch?
Earlier versions of Web ADI for EBS 12.1 and 12.2 were digitally-signed with certificates that expired in August 2016.
A new SHA-256 digital certificate is now available for EBS 12.1 and 12.2. This new patch will prevent security alert warning messages from being displayed in Microsoft Office. The new digital certificates are valid through August 2018.
There are four different updates available — you should pick the patch that corresponds to your EBS version:
- EBS 12.2.5 – Patch 23135062:R12.BNE.C
- EBS 12.2.4 – Patch 23135071:R12.BNE.C
- EBS 12.2.3 – Patch 23135079:R12.BNE.C
- EBS 12.1.3 – Patch 22962367:R12.BNE.B (Digital signatures are not supported by Report Manager for EBS 12.1)
Known Issues
Office 2007 does not recognize documents that have been digitally signed using SHA-256 certificates. In such cases adding the documents storage location to ‘Trusted Locations’ can be used to avoid this issue. Further information is available through the Microsoft document:
- Can’t digitally sign VBA projects in Office 2007 by using an SHA256 code-signing certificate (Microsoft.com)
References