Walkthrough: Request a Digital Certificate from Certificate Server or create a testing Digital Certificate to sign a Package
This topic describes how to request a digital certificate from a certificiate server(CA), or create a testing only digital certificate, and then use the digital certificate to sign an Integration Services package.
Request a Code Signing certificate using the Active Directory Certificate Services web interface.
- 1. Open the Internet Explorer(IE)
- 2. Type the URL for the Active Directory Certificate Services web interface(e.g. http(s)://CAServerName/certsrv, where CAServerName is the DNS name of your CA server).
- 3. Click "Request a certificate" in the home page.
- 4. In the new page, click "advanced certificate request"
- 5. In the new page, click "Create and submit a request to this CA"
- 6. In the "Advanced Certificate Request" page, select "Code Signing" from the "Certificate Template", and then fill the other options(Optional)
- 7. Click "Submit" to request and install the certificate.
Request a Code Signing certificate using Certificate Management Console
- 1. Open the Management Console(MMC) by typing "mmc" in the Start > Run
- 2. In the MMC windows, click "File", and then click "Add/Remove Snap-in..."
- 3. In the "Add or Remove Snap-ins" dialog, please select "Certificates"
- 4. Click "Add>"
- 5. In the coming dialog "Certificates snap-in", select "My user account", and then click "Finish".
- 6. Click "OK"
- 7. Expand the Certificates
- 8. Right-click "Personal", and then select "All Tasks" > "Request a New Certificate"
- 9. In the "Certificate Enrollment" dialog, click "Next"
- 10. In the "Select Certificate Enrollment Policy", please select the available template, and then click "Next".
- 11. Now, the "Request Certificates" is shown. Please select "Code Signing", and then click "Enroll".
- 12. In the next dialog, click "Finish" to finish the request. The certificate will be installed to the Personal store automatically.
Create your own Code Signing certificate
- 1. Open the Command window.
- 2. Create a root certificate using the following command:
makecert -n "CN=SSIS Root Certificate" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -len 1024 -sr localMachine
- 3. Create a client certificate using the following command.
makecert -pe -n "CN=SSIS Code Signing Certificate" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
Install the certificate to Personal store.
Note: Generally, after we finish the request, the certificate will be installed to Personal store automatically. Please use the Certificate snap-in to check that. If it is not installed, please request the certificate again.
Sign the package by using the certificate in BIDS.
- 1. In Business Intelligence Development Studio, open the Integration Services project that contains the package to be signed.
- 2. In Solution Explorer, double-click the package to open it.
- 3. In SSIS Designer, on the SSIS menu, clickDigital Signing.
- 4. In the Digital Signing dialog box, click Sign.
- 5. In the Select a Certificate dialog box, select a certificate.
- 6. (Optional) Click View Certificate to view certificate information.
- 7. Click OK to close the Select a Certificate dialog box.
- 8. Click OK to close the Digital Signing dialog box.
- 9. To save the updated package, click Save Selected Items on the File menu.
Comments
- Anonymous
June 11, 2015
Doesn't work. Requesting a Code Signing Certificate requires an entry in the "Saved Request" field, otherwise it fails and the form doesn't post.