Solved

SBS2011 - CSR Certificate

Posted on 2016-09-13
4
79 Views
Last Modified: 2016-09-14
I've a CSR due to expire.. the Code Signing Cert was issued by the SBS server to the administrator.

I can't work out what its being used by? whats the best course of action to make sure it doesn't break anything when it expires at the end of the month?

From the "MMC" "Certificates" should I "Renew this certificate with the same key"

I've also checked certs under IIS / and from the SBS console but they don't match the thumbprint.
0
Comment
Question by:Member_2_7968927
  • 2
  • 2
4 Comments
 
LVL 27

Expert Comment

by:Dan McFadden
ID: 41797481
Without being sacrastic, Code Signing Certificates are for signing code.  Now that that has been said...

Here is an article describing the concept of code signing.

Link:  https://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx

In general, nothing is actively using the cert.  It is used when a developer or admin want to include a signature in their code or scripts to verify that the accompanying code is for a specific or trusted source.

IIS would not use this cert.

I use a Code Signing Cert to sign my PowerShell scripts.

I would just renew is with the same key, to be safe.

Dan.
0
 

Author Comment

by:Member_2_7968927
ID: 41797636
Hi Dan, I've tried renewing it and I get an error: "the permissions on the certificate template fo not allow the current user to enrol for this type of certificate. you do not have permission to view this type of certificate".

I'm logged in as the domain\administrator and I've tried viewing the template for "Code Signing" but everything is greyed out.. on the security tab domain\admins have "Full Control"

Any other ideas?

Thanks
0
 
LVL 27

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 41797669
You need to adjust the permissions on the Code Signing certificate template.  Below is an article on how to modify a certificate template, just do this for the Code Signing.  The article uses the Web Server certificate in its example.

Link:  https://technet.microsoft.com/en-us/library/ee649249(v=ws.10).aspx

Also discussed here on EE.

Link:  https://www.experts-exchange.com/questions/26248590/you-do-not-have-permission-to-request-this-type-of-certificate.html

Dan
0
 

Author Closing Comment

by:Member_2_7968927
ID: 41798127
Thanks for your help Dan.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question