2

I want to sign a .NET assembly with a code signing certificate from my local domain CA.

I tried sending a certificate request and got back a signed certificate from my local domain CA in my local certificate store. However this certificate cannot be used to sign my assembly in Visual Studio.

Since there's the option to import a CA certificate from a .pfx file, I asked my domain admin to create a new certificate and export it to .pfx for me - however he couldn't find a way to do so.

In-house Trusted Certificate describes the same problem but none of the answers actually tells how to specifically create a cert for code signing.

Community
  • 1
Filburt
  • 149
  • 1
  • 11

1 Answers1

1

You need to have your domain admin issue what I believe is called an intermediate CA cert, so that you can sign certs on behalf of the parent CA. Your device would become the intermedia CA and would not ask any other device for certificate signing.

SpacemanSpiff
  • 8,753
  • 1
  • 24
  • 35
  • I'd rather not have my developer machine being a CA so I'll keep searching how to get a cert from my local domain CA. – Filburt Nov 16 '11 at 08:36