Before you can digitally sign InfoPath forms, you must have a digital certificate. Microsoft Certificate Services (Active Directory Certificate Services) must be enabled on a Windows Server 2008 server to issue the certificates and to let clients check that they are still valid. Note how the two keys are used: the signer's private key, which stays in the user's certificate store, produces the signature, and anyone verifying the form uses the public key carried in the certificate to confirm that the signature matches the form data and that the data has not changed since it was signed.
To configure Microsoft Certificate Services, follow these steps:
Step 1 Click "Start," point to "Administrative Tools," click "Server Manager," select "Roles" in the left pane, then click "Add Roles" in the right pane.
Step 2 In the Add Roles Wizard, check "Active Directory Certificate Services" and click "Next." On the role services screen, check "Certification Authority" and click "Next."
Step 3 Choose "Enterprise" if the server is a domain member and the CA should use Active Directory (this is what lets it issue certificates from templates such as "User"); otherwise select "Standalone." Click "Next."
Step 4 Click "Root CA," then click "Next." Click "Create a new private key," then click "Next."
Step 5 Select the cryptographic service provider, hash algorithm and key length, or accept the defaults. Use a key of at least 2048 bits and choose SHA256 rather than SHA1 where the options allow it: this choice determines how the CA signs every certificate it issues. Click "Next."
Step 6 Enter a common name for the CA, then click "Next." Set the validity period for the CA certificate or accept the default value. Click "Next."
Step 7 Click "Browse" and choose the folders for the certificate database and the certificate database logs, or accept the default locations. Click "Next."
Step 8 Review your selections on the summary screen. Click "Install" to set up the Certification Authority. Click "Close" when the installation completes.
Another option is to let users request certificates through a web browser: on the role services screen, also check "Certification Authority Web Enrollment" (this adds IIS and is what the enrollment steps below rely on).
A further role service, "Online Responder," implements the Online Certificate Status Protocol (OCSP) so that clients can ask the responder whether a particular certificate has been revoked instead of downloading the full revocation list.
Other role services may suit your environment, but the options above are all that is needed to let users digitally sign InfoPath forms.
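Once the wizard finishes, it is worth checking what the CA actually ended up with rather than trusting the defaults. The following PowerShell script is an added example, not part of the original article: run in an elevated prompt on the CA server, it pings the CA, pulls the CA's own certificate with certutil (available on Windows Server 2008) and inspects it with .NET, reads the issuing hash algorithm from the CA registry, and flags a key shorter than 2048 bits or SHA-1 anywhere. The scratch file path is an assumption, and an RSA key is assumed. The commented lines at the end show how the same wizard is scripted on Windows Server 2012 or later, where the Install-AdcsCertificationAuthority cmdlet exists (it does not on 2008).

```powershell
# Added example: verify a freshly installed AD CS Certification Authority.
# Run in an elevated PowerShell prompt on the CA server. Paths below are assumptions.

$caCertPath = Join-Path $env:TEMP 'ca-root.cer'   # assumed scratch location

# 1. Is the CA service answering? (Add -config "HOST\CAName" if more than one CA is registered.)
$ping = & certutil -ping 2>&1
if ($LASTEXITCODE -ne 0) { throw "CA is not responding:`n$ping" }

# 2. Dump the CA's own certificate to disk and inspect it with .NET.
& certutil -ca.cert $caCertPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not retrieve the CA certificate" }

$caCert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caCertPath
$keyBits = $caCert.PublicKey.Key.KeySize                 # RSA key assumed
$sigAlg  = $caCert.SignatureAlgorithm.FriendlyName       # e.g. sha1RSA or sha256RSA

"CA subject    : $($caCert.Subject)"
"Valid until   : $($caCert.NotAfter)"
"Key length    : $keyBits bits"
"Signature alg : $sigAlg"

# 3. Which hash will the CA use for the certificates it ISSUES?
#    With a CNG key storage provider (the 2008 default) it is stored as CNGHashAlgorithm;
#    with a legacy CSP it is a CALG_* value under HashAlgorithm (0x8004 = CALG_SHA1).
$hashReg = (& certutil -getreg CA\CSP\CNGHashAlgorithm 2>&1) -join "`n"
if ($LASTEXITCODE -ne 0) { $hashReg = (& certutil -getreg CA\CSP\HashAlgorithm 2>&1) -join "`n" }
"Issuing hash  :`n$hashReg"

# 4. Flag weak choices; the wizard will not warn you about any of these.
$warnings = @()
if ($keyBits -lt 2048)     { $warnings += "CA key is only $keyBits bits; use 2048 or more." }
if ($sigAlg -match 'sha1') { $warnings += "CA certificate is self-signed with SHA-1." }
if ($hashReg -match 'SHA1|8004') {
    $warnings += "CA issues certificates with SHA-1; fix with: certutil -setreg CA\CSP\CNGHashAlgorithm SHA256 (then restart the CA service)."
}
if ($warnings.Count -eq 0) { "No weak settings detected." } else { $warnings | ForEach-Object { "WARNING: $_" } }

# On Windows Server 2012 or later the wizard can be scripted instead
# (these cmdlets do not exist on Windows Server 2008):
#   Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
#   Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -CACommonName 'Contoso-Root-CA' `
#       -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
#       -KeyLength 2048 -HashAlgorithmName SHA256 -ValidityPeriod Years -ValidityPeriodUnits 10
```

Changing the issuing hash with certutil -setreg only affects certificates issued after the CA service restarts; certificates already issued keep the algorithm they were signed with.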
CREATING A DIGITAL CERTIFICATE
Open Internet Explorer (the web enrollment pages use an ActiveX control, so other browsers will not work).
Go to the web enrollment address given to you by your network administrator; by default it is http://<servername>/certsrv.
You will be directed to the local web server's Microsoft Active Directory Certificate Services page.
On that page, click "Request a Certificate."
The next page offers a choice between the certificate type "User Certificate" and an advanced certificate request. Click the "User Certificate" link.
The next page offers further options; to accept the defaults, just click "Submit."
Click "Yes" on the "Website is requesting a new certificate on your behalf" message.
Click "Install this Certificate."
Click "Yes" on the "Website is adding one or more certificates to this computer" message.
The certificate has now been issued and installed in your personal certificate store, together with the private key that was generated for it. You can close this window.
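The same user certificate can be requested from the command line with certreq, which ships with Windows, and this also avoids the ActiveX prompts. The script below is an added example and not part of the original article. It assumes an enterprise CA reachable as CA01.corp.example.com\Example-Enterprise-CA and that the user is allowed to enroll for the built-in User template (both are assumptions, not values from the page). Because the User template builds the subject from the user's Active Directory account, the Subject line in the request file is only a placeholder that the CA replaces.

```powershell
# Added example: request and install a signing certificate with certreq instead of
# the web enrollment page. Names below are assumptions for the example.
$caConfig = 'CA01.corp.example.com\Example-Enterprise-CA'   # assumed "HOST\CA name"
$template = 'User'                                           # built-in enterprise template
$work     = Join-Path $env:TEMP 'signing-cert'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Request definition: a 2048-bit RSA key in the current user's store, marked exportable
# so it can be backed up later. KeySpec 1 (AT_KEYEXCHANGE) can both sign and encrypt,
# which is what the User template expects; the enterprise CA applies the template's
# own key-usage and subject rules regardless of what the request asks for.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$env:USERNAME"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0x80
Exportable = TRUE
MachineKeySet = FALSE
ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $template
"@
$inf | Set-Content -Path "$work\request.inf" -Encoding ASCII

# -new generates the key pair in the user's store and writes the CSR; -submit sends it
# to the CA; -accept installs the issued certificate and binds it to that private key.
& certreq -new "$work\request.inf" "$work\request.req" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed" }
& certreq -submit -config $caConfig "$work\request.req" "$work\issued.cer" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed (request denied or pending approval?)" }
& certreq -accept "$work\issued.cer" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed" }

# Verify what landed in the Personal store: without a private key the certificate
# cannot sign anything, and it must carry the Digital Signature key usage.
$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "$work\issued.cer"
$mine   = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $issued.Thumbprint }
if (-not $mine) { throw "Issued certificate not found in Cert:\CurrentUser\My" }
if (-not $mine.HasPrivateKey) { throw "Certificate has no private key; -accept did not match the request" }
$ku = $mine.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Key Usage' }
"Subject     : $($mine.Subject)"
"Thumbprint  : $($mine.Thumbprint)"
"Key usage   : $($ku.KeyUsages)"
"Private key : $($mine.HasPrivateKey)"
```

If the CA is configured to require manager approval for the template, certreq -submit reports the request as pending; rerun certreq -retrieve with the request ID after approval, then certreq -accept as above.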
RECOMMENDATIONS FOR DIGITAL CERTIFICATE SECURITY
I recommend that all users export their digital certificates to their private (home) drives and protect the exported files with a password. Keeping the file on a private drive stops others from reading it; the password is a second layer so that anyone who does get hold of the file cannot import the private key and sign documents as that user. Remember that the exported file contains the private key, so it is the signing capability itself: whoever has the file and the password can sign as you.
Exporting is also important because many companies have computer replacement schedules. When a workstation is replaced, or its hard drive is re-imaged or replaced, the user can import the exported certificate on the new workstation and keep using the same certificate instead of requesting a new one.
EXPORTING DIGITAL CERTIFICATES
You will need to export your certificate(s) whenever you create or renew them. This lets you import them on another computer or on a new one.
Open Internet Explorer, go to Tools, Internet Options, click the Content tab, then click the Certificates button.
On the Personal tab, select each certificate you created and export it individually using the following steps.
Click the "Export" button, then click "Next."
Click "Yes, export the private key," then click "Next" again. (If this option is greyed out, the private key was created as non-exportable and the certificate cannot be backed up this way.)
Click "Next" on the Export File Format window (Personal Information Exchange, .pfx, is the only format that carries the private key), then enter a strong password that you can remember and click "Next." Anyone who obtains the file and the password can sign as you, so do not use a trivial one.
Click the "Browse" button and choose your "My Documents" folder or another location that only you can access.
In the File Name box, type your name and the year.
Click "Next," then click "Finish."
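The export wizard steps above can also be done in PowerShell, which helps when a user has several certificates or when you want the password rule enforced. The script below is an added example, not part of the original article. It exports every certificate in the user's Personal store that has a private key and the Digital Signature key usage, using the .NET X509Certificate2.Export method (available on Windows Server 2008 / PowerShell 2.0 and later, and it keeps the password off the command line, unlike certutil -exportPFX), names each file <username>-<year>.pfx as the article suggests, and reads each file back to confirm the private key travelled with it. The output folder is an assumption.

```powershell
# Added example: export signing certificates (with private keys) from the current
# user's Personal store to passphrase-protected PFX files, then verify the files.

$outDir = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'certificate-backups'  # assumed location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# A PFX that carries a private key is the signing capability itself; insist on a real passphrase.
do {
    $secure = Read-Host -AsSecureString 'PFX passphrase (12+ characters)'
    $bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    $pass   = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
} while ($pass.Length -lt 12)

$year    = (Get-Date).Year
$signing = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.Extensions | Where-Object {
        $_.Oid.FriendlyName -eq 'Key Usage' -and
        ($_.KeyUsages -band [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature)
    })
}
if (-not $signing) { throw "No signing certificates with private keys in Cert:\CurrentUser\My" }

$i = 0
foreach ($cert in $signing) {
    $i++
    $suffix = if ($i -gt 1) { "-$i" } else { "" }      # keep multiple certificates apart
    $file   = Join-Path $outDir ("{0}-{1}{2}.pfx" -f $env:USERNAME, $year, $suffix)
    try {
        # Export(Pfx, password) includes the private key; it throws if the key is non-exportable.
        $bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $pass)
    } catch {
        Write-Warning "Skipping $($cert.Thumbprint): private key is not exportable ($($_.Exception.Message))"
        continue
    }
    [IO.File]::WriteAllBytes($file, $bytes)

    # Read the file back: proves the private key is inside and the passphrase opens it.
    $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file, $pass)
    if (-not $check.HasPrivateKey -or $check.Thumbprint -ne $cert.Thumbprint) {
        throw "Export of $($cert.Thumbprint) to $file failed verification"
    }
    "Exported $($cert.Subject) (expires $($cert.NotAfter.ToShortDateString())) -> $file"
}

# To restore on a new workstation (same passphrase):
#   certutil -user -p <passphrase> -importPFX "<file>.pfx"
# or, on Windows 8 / Server 2012 and later:
#   Import-PfxCertificate -FilePath "<file>.pfx" -CertStoreLocation Cert:\CurrentUser\My -Password (Read-Host -AsSecureString)
```

Store the resulting .pfx files only on the user's private drive, as recommended above; the passphrase protects the file, but the file is still a copy of the private key and should be treated as such.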
My next article will be on how to design an InfoPath form for digital signatures.
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.