Menu

Add Timestamping - Microsoft Office 2010, 2013, 2016 & 2019

May 12, 2023

Introduction


By default, when a digital signature is placed in Microsoft Office, the timestamp is based on the local computer's time. Because of this, the digital signature will expire when the Certificate expires. In order to enable long term validity of signatures in Microsoft Office, a valid 3rd party RFC-3161 compliant timestamp must be applied to the signature at the time of signing. Since the timestamp comes from a 3rd party, it can definitively attest to the date & time at which the signature was placed, enabling long term validity. Think of it like a digital notary.


NOTICE: Enabling timestamping in Microsoft Office requires editing the system registry. Editing the registry carries risk if incorrect values are entered. Editing the registry incorrectly may cause system instability and you do so at your own risk. Information in this article is based off of the following Microsoft articles:


Prerequisites

 

  1. Microsoft Office 2010 or 2013
  2. Permission to edit the registry
  3. PersonalSign or AATL Certificate
  4. Timestamping services with GlobalSign


Instructions

 

  1. Go to Start Menu > Run
     
  2. Type regedit and press Enter
     
  3. Navigate to the folder that corresponds to your office version:

    Office 2010:
    HKEY_CURRENT_USER > Software > Microsoft > Office > 14 > Common > Signatures

    Office 2013:
    HKEY_CURRENT_USER > Software > Microsoft > Office > 15 > Common > Signatures

    Office 2016/2019:
    HKEY_CURRENT_USER > Software > Microsoft > Office > 16 > Common > Signatures
     
  4. Right Click the white-space on the right side and choose New DWORD

     
  5. Name it XadESLevel and enter a value of 2:

     
  6. Create another DWORD and this time title it MinXAdESLevel with a value of 1.
     
  7. Finally, right click again and select New String Value and enter the timestamp URL provided by your GlobalSign Account Manager
     
  8. The resulting registry settings should look like this:

     
  9. When you place a signature with office, and look at the signature properties, if it is timestamped by a 3rd party it will be in the XadES-T format:

Related Articles

Windows Mobile PDA - Install PersonalSign Certificate

Sep 24, 2013, 10:28 AM

This article provides step-by-step instructions for installing your PersonalSign certificate in Windows Mobile PDA. If this is not the solution you are looking for, please search for your solution in the search bar above.

Read More

Installing Your PersonalSign Certificate - Microsoft Outlook 2007

Sep 25, 2019, 11:43 AM

This article provides step-by-step instructions for installing your certificate in Outlook 2007. If this is not the solution you are looking for, please search for your solution in the search bar above.

Read More

Using Your PersonalSign Certificate - Microsoft Outlook 2003

Nov 27, 2013, 2:55 PM

This step-by-step article provides instructions for using your certificate in Outlook 2003. If this is not the solution you are looking for, please search for your solution in the search bar above.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support

Contact Us
close
Sales: 1-877-775-4562
Support: 1-877-775-4562
E-Mail: sales-us@globalsign.com