Marketing_Insists

asked on

code signing with internal cert srvr

In house certificate server for signing in house code.

I'm trying to set up a certificate server so that I can have developers do their own code signing.

This will be for things like internal VSTO addons and macros.  The apps are not intended to be distributed outside the company.

The certificate server is set up.

From the certificate authority, I duplicated the original Code Signing template (NOTE: apparently, this step is required so that the generated cert is exportable - otherwise, the option to export is greyed out), then I assigned a few additional properties and permissions to the template, such as for the certificate to be valid for 20 years (it's for internal VSTO apps and macros and no one wants application nags a year from now).

From http://server/certsrv
Request a certificate > submit an advanced certificate request > create and submit a request to this CA >
Certificate template: Inhouse Code signing
Key options: Microsoft Enhanced Cryptographic provider
keysize: 2048
check: mark keys as exportable
check: export keys to file: c:\here.pvk

Additional Options:
Request format: CMC
Save request to file: c:\here.cmc
FriendlyName: InternalCode

Submit

..

What now?  The .pvk file seems useless and the .cmc file is a certificate request.  So I submit the request like so:
Request a certificate > submit an advanced certificate request > Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

Saved request: (paste in the request)
Certificate Template: Inhouse Code Signing
Submit.

The certificate you requested was issued to you.
   Download certificate

So I install it.

So now, I try to sign an Excel macro with that certificate, but I get an error:
"there was a problem with the digital certificate.  The VBA project could not be signed.  The signature will be discarded."

When I examine the certificate, I confirm that the cert is valid from my cert server and is indeed intended for code signing.  No red X's or exclamation points.

Any idea how to get this to work?