Announcement

Collapse
No announcement yet.

Certificate Usage Key Problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate Usage Key Problem

    Dear All,
    I have created a Certification Authority in my Windows Server 2003 for issuing digital signatures. The purpose of this is to sign Infopath form for developers who are creating solutions in InfoPath 2003 using VS.NET 2003 C# managed code. On the client(the developers) machine when I request and install the certificate by using http://Myservername/certsrv. After following the basic steps I reach the following page. The problem is the Key Usage ( which is enclosed in red rectangle), is always "Exchange" while Infopath forms cannot be signed by this key value. For signing Infopath form the Key Usage attribute value must include Digital Signature or Non-Repudiation. The Key Usage radio button is totally disabled. Can any one please suggest me what can I do so that the Key Usage should be either Digital signature or Non-Repudiation or Both. the screen shot is here:


    I am very much stuck and feeling embarrassment.

    thanks in advance...
    Always Curious!

  • #2
    Re: Certificate Usage Key Problem

    -On the CA, go to Start -> Run... -> type in certsrv.msc and press enter
    -Expand the tree, right-click Certificate Templates and select New \ Certificate Template to Issue
    -Select Code Signing and click OK
    -Go back to the certificate request page and select Code Signing from the dropdown menu.
    Click image for larger version

Name:	certrequest.jpg
Views:	1
Size:	49.3 KB
ID:	463200
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Certificate Usage Key Problem

      Dear sir
      thanks for your consideration and quick response. After following the steps you had mentioned I am still unable to resolve my issue. On the request page of the certificate the under Certificate Template there is no option of the Code Signing in the drop-down list as it was in your screen shot. Here is my screen shot.



      When I only added the Code Singing Template on the CA, the certificate request page did not show the code signing option therefore i added all the certificate templates on the CA. The following is an excerpt from Msdn infopath which describes the conditions for the digital signatures for infopath

      Not all digital certificates can be used to sign data in InfoPath forms. For a certificate to be valid, it must be an X.509 digital certificate with the following set of characteristics:

      * The Key Usage attribute value must include Digital Signature or Non-Repudiation. While certificates with the value set to Digital Signature or Both can be used to sign, certificates with the value set to Exchange cannot be used to sign data in InfoPath forms.
      * The certificate must not be expired or revoked, and the date of issue must be in the past.
      * The certificate must be associated with a private key on the user's computer.
      * To be trusted, the certificate authority that issued the certificate must be in the Trusted Root Certification Authorities store on the user's computer.

      Note Installed digital certificates that are not trusted are available, and can be used to sign data in InfoPath forms, even though they create a signature that is not trusted. However, the signature becomes valid once the certificate authority that issued the certificate is added to the Trusted Root Certification Authorities store on a user's computer.



      Stilll stuck badly.....
      Waiting for your kind reply!!!!!!!!!!
      Last edited by Curious; 8th June 2007, 07:23.
      Always Curious!

      Comment


      • #4
        Re: Certificate Usage Key Problem

        I forgot to tell you to change the permissions so that the user has permission to enrol. You do this through the Certificate Templates snap-in.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Certificate Usage Key Problem

          Wow sir...done...but I still get some Infopath error regarding digital signature which is not appropriate here to describe here.

          thanks sir... you are a life-savor!!!!!!!!
          Always Curious!

          Comment


          • #6
            Re: Certificate Usage Key Problem

            Glad to help.

            Good luck on the Infopath error.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment

            Working...
            X