In house certificate server for signing in house code.
I'm trying to set up a certificate server so that I can have developers do their own code signing.
This will be for things like internal VSTO addons and macros. The apps are not intended to be distributed outside the company.
The certificate server is setup.
From the certificate authority, I duplicated the original Code Singing template (NOTE: apparently, this step is required so that the generated cert is exportable - otherwise, the option to export is greyed out), then I assigned a few additional properties and permissions to the template, such as for the certificate to be valid for 20 years (it's for internal VSTO apps and macros and no one wants application naggs a year from now).
Request a certificate > submit a advanced certificate request > create and submit a request to this CA >
Certificate template: Inhouse Code signing
Key options: Microsoft Enhanced Cryptographic provider
check: mark keys as exportable
check: export keys to file: c:\here.pvk
Request format: CMC
Save request to file: c:\here.cmc
What now? the .pvk file seems useless and the .cmc file is a certificate request. So I submit the request like so:
Request a certificate > submit a advanced certificate request > Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Saved request: (paste in the request)
Certificate Template: Inhouse Code Signing
The certificate you requested was issued to you.
So I install it.
So now, I try to sign a excel macro with that certificate, but I get an error:
"there was a problem with the digital certificate. The VBA project could not be signed. The signature will be discarded."
When I examine the certificate, I confirm that the cert is valid from my cert server and is indeed intended for code signing. No red X's or exclamation points.
Any idea how to get this to work?