SBS2011 - CSR Certificate

I've a CSR due to expire.. the Code Signing Cert was issued by the SBS server to the administrator.

I can't work out what its being used by? whats the best course of action to make sure it doesn't break anything when it expires at the end of the month?

From the "MMC" "Certificates" should I "Renew this certificate with the same key"

I've also checked certs under IIS / and from the SBS console but they don't match the thumbprint.
Member_2_7968927Asked:
Who is Participating?
 
Dan McFaddenConnect With a Mentor Systems EngineerCommented:
You need to adjust the permissions on the Code Signing certificate template.  Below is an article on how to modify a certificate template, just do this for the Code Signing.  The article uses the Web Server certificate in its example.

Link:  https://technet.microsoft.com/en-us/library/ee649249(v=ws.10).aspx

Also discussed here on EE.

Link:  https://www.experts-exchange.com/questions/26248590/you-do-not-have-permission-to-request-this-type-of-certificate.html

Dan
0
 
Dan McFaddenSystems EngineerCommented:
Without being sacrastic, Code Signing Certificates are for signing code.  Now that that has been said...

Here is an article describing the concept of code signing.

Link:  https://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx

In general, nothing is actively using the cert.  It is used when a developer or admin want to include a signature in their code or scripts to verify that the accompanying code is for a specific or trusted source.

IIS would not use this cert.

I use a Code Signing Cert to sign my PowerShell scripts.

I would just renew is with the same key, to be safe.

Dan.
0
 
Member_2_7968927Author Commented:
Hi Dan, I've tried renewing it and I get an error: "the permissions on the certificate template fo not allow the current user to enrol for this type of certificate. you do not have permission to view this type of certificate".

I'm logged in as the domain\administrator and I've tried viewing the template for "Code Signing" but everything is greyed out.. on the security tab domain\admins have "Full Control"

Any other ideas?

Thanks
0
 
Member_2_7968927Author Commented:
Thanks for your help Dan.
0
All Courses

From novice to tech pro — start learning today.