[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 181
  • Last Modified:

SBS2011 - CSR Certificate

I've a CSR due to expire.. the Code Signing Cert was issued by the SBS server to the administrator.

I can't work out what its being used by? whats the best course of action to make sure it doesn't break anything when it expires at the end of the month?

From the "MMC" "Certificates" should I "Renew this certificate with the same key"

I've also checked certs under IIS / and from the SBS console but they don't match the thumbprint.
0
Member_2_7968927
Asked:
Member_2_7968927
  • 2
  • 2
1 Solution
 
Dan McFaddenSystems EngineerCommented:
Without being sacrastic, Code Signing Certificates are for signing code.  Now that that has been said...

Here is an article describing the concept of code signing.

Link:  https://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx

In general, nothing is actively using the cert.  It is used when a developer or admin want to include a signature in their code or scripts to verify that the accompanying code is for a specific or trusted source.

IIS would not use this cert.

I use a Code Signing Cert to sign my PowerShell scripts.

I would just renew is with the same key, to be safe.

Dan.
0
 
Member_2_7968927Author Commented:
Hi Dan, I've tried renewing it and I get an error: "the permissions on the certificate template fo not allow the current user to enrol for this type of certificate. you do not have permission to view this type of certificate".

I'm logged in as the domain\administrator and I've tried viewing the template for "Code Signing" but everything is greyed out.. on the security tab domain\admins have "Full Control"

Any other ideas?

Thanks
0
 
Dan McFaddenSystems EngineerCommented:
You need to adjust the permissions on the Code Signing certificate template.  Below is an article on how to modify a certificate template, just do this for the Code Signing.  The article uses the Web Server certificate in its example.

Link:  https://technet.microsoft.com/en-us/library/ee649249(v=ws.10).aspx

Also discussed here on EE.

Link:  https://www.experts-exchange.com/questions/26248590/you-do-not-have-permission-to-request-this-type-of-certificate.html

Dan
0
 
Member_2_7968927Author Commented:
Thanks for your help Dan.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now