Windows 2008 R2 ENT CA Our .net developers asked me to create a code signing cert for their applications, that was the easy part. I am very familiar with users certs and computers certs and deploying them but how do I apply this to an application??

Hello, for security i suggest to ask in http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Besides security, I would also suggest you consider posting this in the code language the application is was developed in. The users within that community will have done this before and should be able to guide you with the exact steps. -- Paul Bergson MVP - Directory Services MCITP: Enterprise Administrator MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, Vista, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

Windows 2008 R2 ENT CA Our .net developers asked me to create a code signing cert for their applications, that was the easy part. I am very familiar with users certs and computers certs and deploying them but how do I apply this to an application??

Code signing certificates are distributed to users. When necessary, a user may use .NET native tools (classes and methods) or use external tool (say, signcode.exe) to sign the data. In other words, you need to issue code signing certificate to responsible person (who will perform data signing) and the rest is done via mentioned tools.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

Not being a developer I'm not sure what that means but I will pass it along, thanks. One other observance I had was that I gave the cert template a 5 year expiration however as I look at mine it is only 2 years. Any ideas?

ok, will do. One other observance I had was that I gave the cert template a 5 year expiration however as I look at mine it is only 2 years. Any ideas?

Your CA is set to default settings and a governor is limiting the validity period of issued certs to 2 years Run certutil -setreg CA\ValidityPeriodUnits 5 certutil -setreg CA\ValidityPeriod "Years" net stop certsvc && net start certsvc This will increase the max validity period to five years, matching your cert template Brian