issue certificate from CA Server
I'm working with a developer who is creating an application in Silverlight in Visual Studio. On the properties of the Site Management there are options to choose and she needs to create a certificate so that internal users can use the application. I do have an internal Certificate Authority server but I'm not sure how to do any of this. Any advice, please? Thanks. I'm assuming the certificate should be issued to all users in the domain.
June 28th, 2012 8:01pm

Hi,
Thanks for posting in Microsoft TechNet forums. We can check the information and links in the article below:
Active Directory Certificate Services
http://technet.microsoft.com/en-us/library/cc770357(v=ws.10).aspx
Regards
Kevin
June 28th, 2012 11:36pm

If you are trying to issue a certificate to an IIS website hosting the Silverlight application, you might want to have a look at this guide: http://technet.microsoft.com/en-us/library/cc732230(v=ws.10).aspx
/Hasain
June 29th, 2012 3:46am

Thanks for the replies. No, this certificate won't be tied to an IIS website. Apparently the application will reside on all the users' computers, and during the install of the program or while using the program they shouldn't be prompted for a certificate or warned about any certificates, so I need to create one from my CA server, but I do not know how to. Thanks.
June 29th, 2012 2:02pm

What is the purpose of the certificate and how is it used? Code signing of the application, client authentication, server authentication or any other reason? Could you please check that so we can give you better help on this?
/Hasain
June 29th, 2012 3:17pm

Here is an example of an application she is going to install and it says: The Silverlight Spy setup packages on this page are digitally signed with a code signing certificate where the publisher is identified as First Floor Software. Please verify the publisher to ensure you have downloaded genuine software.
June 29th, 2012 4:21pm

Ok, you need a code signing certificate. Follow the steps below to issue and use a code signing certificate:
1. Make the code signing certificate template available on the certificate server
2. Request a code signing certificate for the user performing the signing process
3. Use the requested certificate to sign the application
4. Deploy the code signing certificate as a trusted publisher through Active Directory http://technet.microsoft.com/en-us/library/cc733026.aspx
/Hasain
June 29th, 2012 5:01pm

Thank you, Hasain, for your replies. Do you have steps on how to accomplish the above?
June 29th, 2012 5:25pm

Make the code signing certificate template available on the enterprise CA server
1. In Administrative Tools, click Certification Authority.
2. In the console tree, expand CAName (where CAName is the name of your enterprise CA).
3. In the console tree, select the Certificate Templates container.
4. Right-click Certificate Templates, and then click New, Certificate Template to Issue.
5. In the Enable Certificate Templates dialog box, select the certificate template or templates that you want the CA to issue, and then click OK.
6. The newly selected certificate template or templates will appear in the details pane.
Request the code signing certificate
1. Click Start, click Run, type certmgr.msc, and then click OK.
2. In MMC, expand Certificates - Current User, and then expand Personal.
3. In the right pane, right-click and point to All tasks, and then click Request New Certificate.
4. On the Certificate Request Wizard, click Next until you reach the Certificate Template List.
5. On the Certificate Template page, select the certificate template that you want the new certificate to be based on. In this scenario, select the Code signing template. Click Next.
6. Click Next/Enroll to send the certificate request to the CA and enroll the certificate.
7. You should see a dialog box stating "The certificate request was successful."
Sign the application
Configure the signing certificate as a trusted publisher in AD
Follow the steps outlined in this guide: http://technet.microsoft.com/en-us/library/cc733026.aspx
June 30th, 2012 5:08am

Hasain, thanks very much. I completed all the steps except the last one where you sent the link to configure the certificate as a trusted publisher in AD. This seems like the certificate will be pushed out using GP. I think it would be easier if the certificate would be in the application that all the users will install on their desktop. What do you think?
June 30th, 2012 7:19pm

How is the certificate tied in with AD? How will this affect remote users, will they be able to have the policy applied to them? This is only a program that our developer is developing for employees and needs a certificate. What does the certificate in the program authenticate against, the certificate in the CA server, correct? So why then does it need to go into AD?
July 1st, 2012 9:23pm

The signing certificate needs to be configured as a trusted publisher either locally in each machine or via policies that apply to all machines. If the signing certificate is not configured as a trusted publisher, users will continue getting the warning about the applications being signed by a non-trusted party. You can add the trusted publisher locally as part of the installation process of your application.
/Hasain
July 2nd, 2012 2:05am

That's exactly what I would like to do, "add the trusted publisher locally as part of the installation process of your application", but how? Also, why were you recommending signing the certificate as a trusted publisher in AD rather than assigning it to the application?
July 2nd, 2012 9:48am

Check the installer you are using; many installers have ready-to-use tasks for that. If your installer does not offer that, you can always use other tools like certmgr.exe (http://msdn.microsoft.com/en-us/library/e78byta0.aspx) to add the certificate to the local Trusted Publisher store, as in the example below:
certmgr.exe -add MyCert.cer -s -r localMachine trustedpublisher
/Hasain
July 2nd, 2012 11:06am
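
An install-time version of the step described in the reply above, as an added PowerShell example that is not part of the original thread: it checks the certificate before trusting it, imports it into the local machine Trusted Publishers store, then confirms that the signed package validates. MyCert.cer is the file name from the post; the thumbprint placeholder and Setup.exe are assumptions, and Import-Certificate requires Windows 8 / Server 2012 or later.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Placeholder values are marked below.
param(
    [string]$CerPath = '.\MyCert.cer',                      # file name used in the post
    [string]$ExpectedThumbprint = '<EXPECTED-THUMBPRINT>',  # placeholder: pin your own cert
    [string]$SignedFile = '.\Setup.exe'                     # hypothetical signed package
)
$ErrorActionPreference = 'Stop'
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing enhanced key usage

# Load the public certificate from disk without adding it to any store yet.
$path = (Resolve-Path -LiteralPath $CerPath).ProviderPath
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# 1. Only trust the exact certificate that was issued for signing.
if ($cert.Thumbprint -ne $ExpectedThumbprint.ToUpper()) {
    throw "Unexpected certificate: $($cert.Thumbprint)"
}

# 2. It must carry the Code Signing EKU, not just any purpose.
$ekus = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value }
if ($ekus -notcontains $codeSigningOid) {
    throw 'Certificate is not valid for code signing.'
}

# 3. The chain must build to a root this machine already trusts (the internal CA).
if (-not $cert.Verify()) {
    throw 'Certificate chain did not validate on this machine.'
}

# 4. Add the certificate to the machine-wide Trusted Publishers store.
Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\TrustedPublisher | Out-Null

# 5. Confirm the package is signed by that same certificate and now validates.
$sig = Get-AuthenticodeSignature -FilePath $SignedFile
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Signature check failed: $($sig.Status)"
}
"Trusted publisher installed: $($cert.Subject)"
```

Step 3 fails on machines that do not already have the internal CA's root certificate in Trusted Root Certification Authorities.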

This topic is archived. No further replies will be accepted.
