IIS Server Security, Certificate for Code Signing

microsoft.public.inetserver.iis.security - About IIS Web Server Security Issues


IIS Server Security >> Certificate for Code Signing

by WJ » Fri, 19 Sep 2003 23:05:43 GMT

Security Experts,

I setup my own CA in my W2003 ADS. I got to the CertSrv site OK after
everything was installed. However, I do not see any option to apply for a
Digital Certificate used for Code Signing. I tried to duplicate the Code
Sign template on the CA server (also an AD). However, when adding a new
template to the CA store, the duplicated template did not show up, only the
default "Code Sign" template appears.

At present, my CertSrv site only gives me two options: Server or User.

Thanks your your advice,

John Webb



Top

IIS Server Security >> RE: Certificate for Code Signing

by a-jamur » Mon, 22 Sep 2003 23:35:17 GMT


hi

this is most often seen when your trying to sign VBA code, is that the case
here? If so you The Digital Certificates for VBA Projects tool is included
in other Office family product such as Microsoft Office Excel 2003 and
Microsoft Office 2003 Standard products. If you have these products, then
install the Digital Certificates for VBA Projects tool from these products.


Best regards,
Jason M. Murray [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.


--------------------
| From: "WJ" < XXXX@XXXXX.COM >
| Subject: Certificate for Code Signing
| Date: Fri, 19 Sep 2003 11:05:43 -0400
| Lines: 16
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <OO3$5$ XXXX@XXXXX.COM >
| Newsgroups: microsoft.public.inetserver.iis.security
| NNTP-Posting-Host: ip68-100-225-239.dc.dc.cox.net 68.100.225.239
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.inetserver.iis.security:5036
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| Security Experts,
|
| I setup my own CA in my W2003 ADS. I got to the CertSrv site OK after
| everything was installed. However, I do not see any option to apply for a
| Digital Certificate used for Code Signing. I tried to duplicate the Code
| Sign template on the CA server (also an AD). However, when adding a new
| template to the CA store, the duplicated template did not show up, only
the
| default "Code Sign" template appears.
|
| At present, my CertSrv site only gives me two options: Server or User.
|
| Thanks your your advice,
|
| John Webb
|
|
|



Top

IIS Server Security >> certificate for code signing

by Mikael Riska » Tue, 13 Jan 2004 15:54:54 GMT

I tried requesting a usercertificate from our W2003?
certificate server (via iis /certsrv/), but I am not able
to sign my outlook VB macros with it. I also tried
generating a selfsigned certificate with selfcert.exe
(part of office installation) and with that certificate I
was able to sign the macros. How would I go about to
generate a certificate for myself that would be issued by
our CAand would allow code-signing?

--
Mikael Riska


Top
Similar Threads

1. Code Signing Digital Certificate - IIS Server Security

2. Self Signed Certificate and HTTPS with IIS 

I imported a self-signed certificate into IIS, and set up directory 
security with 128-bit SSL, but I can't seem to access the page using 
https://. As per Microsoft's instructions the certificate was imported 
into the the 'Personal' directory of the MMC console, and is not a 
trusted certificate. Any ideas what I might be doing wrong? Am I an idiot?


W. Pooh (AKA Winnie P.)

3. Set up a valid self signed certificate that work via internet too

4. HTTPS implementation in IIS (self signed certificates usage) 

Hi there,
We have a scanerio where the clients will be communicating to the server in 
this way. We have Java keytool generated self signed certificates lying in 
the internet with the devices. When the HTTPS requests come to the server we 
need to resolve the private keys sent by the clients (they have already been 
certified by our older installation in Tomcat). So the scanerio is that all 
the devices which were communicating with the Tomcat server has to be now 
thro IIS. From IIS we will use J2K connectors to establish ISAPI filter to 
communicate with the Tomcat Servlet container. The reason for this deployment 
is to have IIS as our web server and certificate authenticator. Is this 
possible. If so can anyone help us in giving the right approach for it. 
Thank you
John

5. Self-signed certificate

6. Self-signed certificate for Windows XP 

I know that Micosoft has a utility for creating a self-signed certificate for 
Windows 2003.
What can I use for Windows XP?

7. Signing my own certificates in IIS?

8. Trusting IIS7 self signed certificates 

IIS7 in Vista provides the ability to create self signed certificates....which is a very nice feature for ASP.Net 
developers when developing ssl web sites and web services.   However the certificates are not trusted,  which means a 
browser will always present a warning,   and I suspect (though I have not tested)  accessing a local web service that 
requires ssl would fail.    I have tried adding the self signed certificate to the trusted root certificates (though I 
think the self signing may already have done this).

Is there any way to trust a self signed certificate....or do I have to get a certificate from a certificate authority?

I only need this for local development and testing. Currently I use win2k3 server as my os which, of course, can create 
its own certificates without this problem...but I'm looking to migrate to vista


Brad