Solved

SBS2011 - CSR Certificate

Posted on 2016-09-13
4
88 Views
Last Modified: 2016-09-14
I've a CSR due to expire.. the Code Signing Cert was issued by the SBS server to the administrator.

I can't work out what its being used by? whats the best course of action to make sure it doesn't break anything when it expires at the end of the month?

From the "MMC" "Certificates" should I "Renew this certificate with the same key"

I've also checked certs under IIS / and from the SBS console but they don't match the thumbprint.
0
Comment
Question by:Member_2_7968927
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41797481
Without being sacrastic, Code Signing Certificates are for signing code.  Now that that has been said...

Here is an article describing the concept of code signing.

Link:  https://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx

In general, nothing is actively using the cert.  It is used when a developer or admin want to include a signature in their code or scripts to verify that the accompanying code is for a specific or trusted source.

IIS would not use this cert.

I use a Code Signing Cert to sign my PowerShell scripts.

I would just renew is with the same key, to be safe.

Dan.
0
 

Author Comment

by:Member_2_7968927
ID: 41797636
Hi Dan, I've tried renewing it and I get an error: "the permissions on the certificate template fo not allow the current user to enrol for this type of certificate. you do not have permission to view this type of certificate".

I'm logged in as the domain\administrator and I've tried viewing the template for "Code Signing" but everything is greyed out.. on the security tab domain\admins have "Full Control"

Any other ideas?

Thanks
0
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 41797669
You need to adjust the permissions on the Code Signing certificate template.  Below is an article on how to modify a certificate template, just do this for the Code Signing.  The article uses the Web Server certificate in its example.

Link:  https://technet.microsoft.com/en-us/library/ee649249(v=ws.10).aspx

Also discussed here on EE.

Link:  https://www.experts-exchange.com/questions/26248590/you-do-not-have-permission-to-request-this-type-of-certificate.html

Dan
0
 

Author Closing Comment

by:Member_2_7968927
ID: 41798127
Thanks for your help Dan.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2012R2 Server as new Domain Controller conversion 8 77
FTP Directory Permissions 3 44
Remote assistance portal on Server 2012 standard ? 2 27
SSL-VPN 1 52
Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question