Tuesday, January 04, 2011

Walkthrough: Request a Digital Certificate from Certificate Server or create a testing Digital Certificate to sign a Package

This topic describes how to request a digital certificate from a certificiate server(CA), or create a testing only digital certificate, and then use the digital certificate to sign an Integration Services package.
Request a Code Signing certificate using the Active Directory Certificate Services web interface.

1. Open the Internet Explorer(IE)
2. Type the URL for the Active Directory Certificate Services web interface(e.g. http(s)://CAServerName/certsrv, where CAServerName is the DNS name of your CA server).
3. Click "Request a certificate" in the home page.
4. In the new page, click "advanced certificate request"
5. In the new page, click "Create and submit a request to this CA"
6. In the "Advanced Certificate Request" page, select "Code Signing" from the "Certificate Template", and then fill the other options(Optional)
7. Click "Submit" to request and install the certificate.
Request a Code Signing certificate using Certificate Management Console
1. Open the Management Console(MMC) by typing "mmc" in the Start > Run
2. In the MMC windows, click "File", and then click "Add/Remove Snap-in..."
3. In the "Add or Remove Snap-ins" dialog, please select "Certificates"
4. Click "Add>"
5. In the coming dialog "Certificates snap-in", select "My user account", and then click "Finish".
6. Click "OK"
7. Expand the Certificates
8. Right-click "Personal", and then select "All Tasks" > "Request a New Certificate"
9. In the "Certificate Enrollment" dialog, click "Next"
10. In the "Select Certificate Enrollment Policy", please select the available template, and then click "Next".
11. Now, the "Request Certificates" is shown. Please select "Code Signing", and then click "Enroll".
12. In the next dialog, click "Finish" to finish the request. The certificate will be installed to the Personal store automatically.
Create your own Code Signing certificate
1. Open the Command window.
2. Create a root certificate using the following command:
makecert -n "CN=SSIS Root Certificate" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -len 1024 -sr localMachine
3. Create a client certificate using the following command.
makecert -pe -n "CN=SSIS Code Signing Certificate" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

Read more: SQL Server Forum Support Team