Marketing_Insists
asked on
code signing with internal cert srvr
In house certificate server for signing in house code.
I'm trying to set up a certificate server so that I can have developers do their own code signing.
This will be for things like internal VSTO addons and macros. The apps are not intended to be distributed outside the company.
The certificate server is set up.
From the certificate authority, I duplicated the original Code Signing template (NOTE: apparently, this step is required so that the generated cert is exportable - otherwise, the option to export is greyed out), then I assigned a few additional properties and permissions to the template, such as for the certificate to be valid for 20 years (it's for internal VSTO apps and macros and no one wants application nags a year from now).
From http://server/certsrv
Request a certificate > submit an advanced certificate request > create and submit a request to this CA >
Certificate template: Inhouse Code signing
Key options: Microsoft Enhanced Cryptographic provider
keysize: 2048
check: mark keys as exportable
check: export keys to file: c:\here.pvk
Additional Options:
Request format: CMC
Save request to file: c:\here.cmc
FriendlyName: InternalCode
Submit
..
What now? The .pvk file seems useless and the .cmc file is a certificate request. So I submit the request like so:
Request a certificate > submit an advanced certificate request > Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Saved request: (paste in the request)
Certificate Template: Inhouse Code Signing
Submit.
The certificate you requested was issued to you.
Download certificate
So I install it.
So now, I try to sign an Excel macro with that certificate, but I get an error:
"there was a problem with the digital certificate. The VBA project could not be signed. The signature will be discarded."
When I examine the certificate, I confirm that the cert is valid from my cert server and is indeed intended for code signing. No red X's or exclamation points.
Any idea how to get this to work?