issue certificate from CA server 2008 R2

  • issue certificate from CA server 2008 R2

    Our developer is creating an application in Visual Basic and the application needs to be digitally signed (code signing). There's a lot of information from Microsoft about certificates and it can be a little overwhelming, and I'm confused about what to read from the documents below.
    - Implementing and Administering Certificate Templates in Windows Server 2008.doc
    - Windows Server 2008 Active Directory Certificate Services Step-By-Step Guide.doc
    Can someone please help me understand how the certificate is deployed to the users? I already installed CA server on Windows 2008 R2 and this application our developer is creating will only be for internal users and remote users all on our domain. What exactly do I need to do?

    I'm told that the signing certificate needs to be configured as a trusted publisher locally and I can add the trusted publisher as part of the installation process, but how???

    I've already accomplished all these steps below that someone suggested, but I haven't done the last 2 in bold.

    Is it better to assign it locally as part of the installation (that sounds better to me) or through Group Policy in AD?

    I think I would prefer through the application itself but I do not know how to do it.

    Make the code signing certificate template available on the enterprise CA server
    1. In Administrative Tools, click Certification Authority.
    2. In the console tree, expand CAName (where CAName is the name of your enterprise CA).
    3. In the console tree, select the Certificate Templates container.
    4. Right-click Certificate Templates, and then click New, Certificate Template to Issue.
    5. In the Enable Certificate Templates dialog box, select the certificate template or templates that you want the CA to issue, and then click OK.
    6. The newly selected certificate template or templates will appear in the details pane.
    Request the code signing certificate
    1. Click Start, click Run, type certmgr.msc, and then click OK.
    2. In MMC, expand Certificates - Current User, and then expand Personal.
    3. In the right pane, right-click and point to All tasks, and then click Request New Certificate.
    4. On the Certificate Request Wizard, click Next until you reach the Certificate Template List.
    5. On the Certificate Template page, select the certificate template that you want the new certificate to be based on. In this scenario, select the Code signing template. Click Next.
    6. Click Next/Enroll to send the certificate request to the CA and enroll the certificate.
    7. You should see a dialog box stating The certificate request was successful.
    Sign the application
    Configure the signing certificate as a trusted publisher in AD
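
The last two steps of the list above (sign the application, then trust the publisher on each client), sketched in PowerShell as an added example that is not part of the original post. The function names and file paths are hypothetical; it assumes the enterprise CA root is already trusted by the domain-joined clients and that the second function runs elevated, for instance from the installer.

```powershell
# Added example. Function names and paths (MyApp.exe, publisher.cer) are hypothetical.

function Invoke-AppSigning {
    # Run on the developer machine where the certificate was enrolled. Use full paths.
    param([string]$FilePath, [string]$CerOut)

    # Newest unexpired certificate with the Code Signing EKU in Certificates - Current User\Personal.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw 'No valid code signing certificate in Cert:\CurrentUser\My' }

    $sig = Set-AuthenticodeSignature -FilePath $FilePath -Certificate $cert
    if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.StatusMessage)" }

    # Export the public certificate only (DER .cer). The private key stays on this machine.
    $type  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
    [System.IO.File]::WriteAllBytes($CerOut, $cert.Export($type))
    return $cert.Thumbprint
}

function Add-TrustedPublisher {
    # Run elevated on each client: writes to the Local Computer\Trusted Publishers store.
    param([string]$CerPath)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath

    # Refuse anything that is not a code signing certificate (EKU OID 1.3.6.1.5.5.7.3.3).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $codeSigning = $eku -and
        ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' })
    if (-not $codeSigning) { throw 'Certificate lacks the Code Signing EKU' }

    # Verify() builds the chain and checks revocation, so the CA's CRL must be reachable.
    if (-not $cert.Verify()) { throw 'Certificate does not chain to a trusted root or is revoked' }

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'TrustedPublisher', 'LocalMachine'
    $store.Open('ReadWrite')
    try { $store.Add($cert) } finally { $store.Close() }
    return $cert.Thumbprint
}

# Developer machine:   Invoke-AppSigning -FilePath C:\build\MyApp.exe -CerOut C:\build\publisher.cer
# Client (elevated):   Add-TrustedPublisher -CerPath C:\install\publisher.cer
```

The Group Policy route places the same .cer file under Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers, which avoids needing elevation at install time.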