Help assigning a digital certificate in InfoPath 2003

Clothahump
Noob here with InfoPath.  I have an IP2003 form that I want to publish
into a test directory for the users to play with before we go live.

When I go into System Administration and look at Certificates -
Current User, I see the certificate that I want to use listed under
Trusted Root Certification Authorities.  However, in InfoPath 2003,
when I click Tools/Form Options/Security and click Sign This Form, all
I see is the personal certificate that I created for myself.


How do I select the certificate from the Trusted Root area and drop it
on this form?


Thanks in advance!

jakosysadmin

Commented:
Do not. Rather use the personal certificate that DERIVES its trust from your trusted root. This would be the way that it was designed to be.

Author

Commented:
And how do I do that?
jakosysadmin

Commented:
G:) Use the certification authority you control to issue yourself a cert that is signed by the cert that is in turn signed by your trusted root cert. (The intermediary cert might or might not be necessary depending on your PKI structure and security needs)
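An added example, not part of the original thread: signing needs a private key, and the certificates under Trusted Root Certification Authorities are public certificates only, which is why a signing dialog offers just the entries in the Personal store. The PowerShell below lists the Personal-store certificates that can sign code and shows which root each one derives its trust from. The function name `Get-SigningCandidate` is made up for this example, and revocation checking is switched off so it runs without network access.

```powershell
# Added example: which certificates in the current user's Personal store can
# sign, and which trusted root does each one chain to?
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing enhanced key usage

function Get-SigningCandidate {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # A certificate without an EKU extension is not restricted to any usage.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $canSignCode = $true
        if ($ekuExt) {
            $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            $canSignCode = $oids -contains $CodeSigningOid
        }

        # Build the chain from this certificate up to its root.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Assumption for this example: offline check, so revocation is NOT verified.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainValid = $chain.Build($cert)

        $path = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $rootTrusted = Test-Path "Cert:\CurrentUser\Root\$($root.Thumbprint)"
        $status = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        [PSCustomObject]@{
            Subject         = $cert.Subject
            Thumbprint      = $cert.Thumbprint
            NotAfter        = $cert.NotAfter
            HasPrivateKey   = $cert.HasPrivateKey    # required to sign anything
            CodeSigningEku  = $canSignCode
            ChainValid      = $chainValid
            ChainPath       = $path -join '  <-  '   # leaf first, root last
            RootInRootStore = $rootTrusted
            ChainStatus     = $status                # empty when the chain is clean
        }
    }
}

# Usable signing certificates have a private key, allow code signing,
# and chain to a root that is already trusted.
Get-SigningCandidate |
    Where-Object { $_.HasPrivateKey -and $_.CodeSigningEku } |
    Format-List
```

A self-created personal certificate typically shows a one-element `ChainPath` with `RootInRootStore` false and `ChainStatus` of `UntrustedRoot`; a certificate issued by a CA under a trusted root shows the full path and `ChainValid` true.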

jakosysadmin

Commented:
Please discard my expression of surprise ( the "G" :) It was not meant to offend anybody nor did I mean to even type it :) oh well..

Author

Commented:
I am a total, clueless noob with this.  Would you mind giving me step-by-step instructions on how to issue the cert signed by the cert, etc.?

Thanks!
sysadmin
Commented:
Wow. Hold on a minute. It seems to me that you are trying to skip a VERY important step. Beneath the (apparently easy) solution there you would need a PKI that is endorsed by the management to ensure that it would hold its own later on. Designing your PKI isn't that simple. I suggest you include your CSO, CIO, a consultant and all the relevant management paper-pushers to a meeting that cements the foundation of your enterprise PKI with some important documents and documented key fingerprints.
If you happen to live in a country where there is a government endorsed PKI (Estonia, Belgium ...) you can use their root certs to have your enterprise root certs derive their trust from. If you don't, you can either have your own root certs (and publish these later on to parties you do business with) or have one assigned from the commercial CA (like Verisign, its subsidiary Thawte or several other players on the field). Using an enterprise PKI that leans on a countrywide/commercially published PKI has the merits of being more easily trusted by 3rd parties. Read up on a PKI design: http://www.google.com/search?q=pki+design
[you probably skipped all the previous ramble but you might want to give it a thought while it's not too late]

Then, and only then, you use your Windows CA Microsoft Management Console applet to manipulate certificates (the use of Windows CA was assumed because of the Microsoft-related product name occurrences in the first post:). Install Certificate Services components from Add/Remove Programs -> Windows Components on your server if you don't have the functionality - all the rest is pretty much instinctive and self-explanatory (considering you have followed the recommendations above).

Author

Commented:
The situation that I have been thrown into is that all of this was apparently done and set up at some time in the past, but it was never documented.  The people that did it are long gone and I have been thrown into the deep end on this.  I managed to figure out how to make the changes on the InfoPath form, but this idiotic nonsense with certificates is driving me up the wall.  I've Googled everything in sight and what I am reading might as well have been written in Swahili for all the good it's doing me.

Aarrrgghhh.  I'm obviously frustrated and I apologize for venting at you, when all you have done is try to help me.

Here's what I've got.  When I look in the Trusted Root Certification Authorities, I see one titled Microsoft Root Authority that expires 12/13/2020.  Its Intended Purposes shows <all>.  I also see one titled Thawte Premium Server CA, expiring same date, with intended purposes of  Server Authentication and Code Signing.  Since Code Signing is what I need to do, I'm assuming that either one would be a valid certificate to use as a base for issuing a certificate for the form.  What do I need to do to accomplish that?

And thanks again for your patience with me.

Author

Commented:
Jako, I'm accepting one of your responses as my solution so you'll get the points for trying to help me.  I appreciate your efforts.
