C
Carol Chisholm
Repost as the Windows security groups don't seem to be responding...
I've put an Enterprise Root CA on a Windows 2003 DC.
I've found the template for code signing and issued myself a code
signing certificate.
I have signed a VB project with this certificate.
When I run the VB code on an XP workstation which is a member of the
domain, as a user logged into the domain, I expected to get no prompt
on starting the code, but I get told that the code is signed by me,
and that the certificate is issued by my DC, and asked if I trust
myself.
I read (when you install an enterprise root CA ... the certificate of
the CA is added automatically to the Trusted Root Certification
Authorities Group Policy for the domain...)
In the Certificates MMC on the DC I can in fact see the DC itself as a
Trusted Root Certification Authority for all purposes.
In the Certification authority I can see some issued certificates,
including my code signing one.
Two of the certificates are expired, from the CAExchange template, if
I try to renew them, they tell me they don't have enough information.
So two questions:
How do I get my code to run with no prompts?
What are the CAExchange based certificates and what do I have to do to
renew them? (or do I really need them?)
I've put an Enterprise Root CA on a Windows 2003 DC.
I've found the template for code signing and issued myself a code
signing certificate.
I have signed a VB project with this certificate.
When I run the VB code on an XP workstation which is a member of the
domain, as a user logged into the domain, I expected to get no prompt
on starting the code, but I get told that the code is signed by me,
and that the certificate is issued by my DC, and asked if I trust
myself.
I read (when you install an enterprise root CA ... the certificate of
the CA is added automatically to the Trusted Root Certification
Authorities Group Policy for the domain...)
In the Certificates MMC on the DC I can in fact see the DC itself as a
Trusted Root Certification Authority for all purposes.
In the Certification authority I can see some issued certificates,
including my code signing one.
Two of the certificates are expired, from the CAExchange template, if
I try to renew them, they tell me they don't have enough information.
So two questions:
How do I get my code to run with no prompts?
What are the CAExchange based certificates and what do I have to do to
renew them? (or do I really need them?)