You can show that you believe a database is safe and that its content can be trusted by adding a digital signature to the database. A digital signature confirms that any macros, code modules, and other executable components in the database originated with the signer and that no one has altered them since the database was signed. This helps people who use the database decide whether to trust it and its content. Think of a security certificate as a pen that you use to digitally sign things, or a wax seal that only you can apply. To add a digital signature, you can use a commercial security certificate, or you can create your own. The process that you use to digitally sign a database depends on the database version you are using.
There are two types of security certificates: commercial and self-signed.
If you want to digitally sign a database and then distribute that database commercially, you should obtain a commercial security certificate from a commercial certificate authority (CA). Certificate authorities do background checks to verify that the people who create content (such as databases) are reputable. For more information, see Find digital ID or digital signature services.
If you want to use a database for personal or limited workgroup scenarios for use within your own organization, you can create a digital certificate by using the SelfCert tool included with Microsoft 365.
Important: If you digitally sign a document by using a digital certificate that you created, and then you share the digitally-signed file, other people cannot verify the authenticity of your digital signature without manually deciding to trust your self-signed certificate.
Browse to the folder that contains your Microsoft Office program files.
You'll need to locate the executable file, SelfCert.exe, and the location can vary based on various conditions such as if you're using a 32 bit or 64 bit Windows operating system or if you're using Microsoft 365.
C:\Program Files\Microsoft Office\root\Office16
C:\Program Files (x86)\Microsoft Office\root\Office16
C:\Program Files\Microsoft Office\Office16
C:\Program Files (x86)\Microsoft Office\Office16
C:\Program Files\Microsoft Office\root\Office15
C:\Program Files (x86)\Microsoft Office\root\Office15
C:\Program Files\Microsoft Office\root\Office14
C:\Program Files (x86)\Microsoft Office\root\Office14
Locate the correct folder and double-click SelfCert.exe.
The Create Digital Certificate dialog box appears.
In the Your certificate's name box, type a name for the new test certificate.
Click OK twice.
It's easy and fast to sign and distribute a database. You can package the file, apply a digital signature to the package, and then distribute the signed package to other users. The Package-and-Sign feature places the database in an Access Deployment (.accdc) file, signs the file, and then places the signed package at a location that you determine. Users can then extract the database from the package and work directly in the database (not in the package file). Note that you can still use the packaging feature to generate an .accdc file, whether or not you also code-sign the database. For more information, see Deploy an Access application.
All versions of Access allow you to apply a digital signature to the components in .mdb and .mde database formats. Starting with Access for Microsoft 365 Version 2211, .accdb and .accde database formats are also supported.
To code sign a database, do the following:
Open the database that you want to sign.
On the Database Tools tab, in the Macro group, click Visual Basic to start the Visual Basic Editor, or press ALT+F11.
In the Project Explorer window, select the database or Visual Basic for Applications (VBA) project that you want to sign.
On the Tools menu, click Digital Signature.
The Digital Signature dialog box appears.
Click Choose to select your test certificate.
The Select Certificate dialog box appears.
Select the certificate that you want to apply. For more information see Get a security certificate.
If you followed the steps in the previous section, select the certificate that you created by using SelfCert.
Click OK to close the Select Certificate dialog box, and click OK again to close the Digital Signature dialog box.
If you want to prevent users of your solution from accidentally modifying your VBA project and invalidating your signature, lock the VBA project before signing it. However, locking your VBA project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators might re-sign templates and add-ins so that they can control exactly what users may run on their computers.
If your application modifies the database in a way that will invalidate the signature, for example, by creating a new action query, then avoid digitally signing the database. Instead, use a signed package (.accdc) for distribution, and then combine that with the use of a trusted location.