Installing a Windows 2000 Server based Digital Certificate Server
- Decide on what you want to use certificates for and how you will issue them
Windows 2000 supports certificate creation for SSL, email, code signing etc. and can even store user certificates in Active Directory. In this example we are going to use a default configuration on a stand-alone server (no AD).
- Add Certificate Services from Add/Remove Windows Components in Control Panel
Note: You will not be able to rename the server or change its workgroup/domain status after this.
Note: Check that IIS is running so that the web interface for requesting certificates will be installed.
When asked what type of CA you want select "Stand-alone root CA"
- You need to configure all your clients to trust this root CA. You can manually install the root CA certificate by downloading it from the CA server at http://CAServer/CertSrv
When you double-click a certificate, IE knows how to install it. For mass deployment of your root CA certificate you can use the IEAK or a logon script.
- Request a certificate for Code Signing from the http://CAServer/CertSrv web site (remember the name of this certificate)
- Run CertSrv.msc (MMC snap-in) and approve your certificate request in the Pending Requests folder
- Return to http://CAServer/CertSrv and download your new certificate from the Check on Pending Certificate section.
Install this certificate by double clicking on it.
- Sign your script using this certificate. I do this with PrimalScript. Under Tools/Options/WSH specify the certificate name and leave the Store blank. Under the Script menu select Sign Script.
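If you do not have PrimalScript, the same signing step can be scripted. The example below is added here and is not from the original page; it uses the Scripting.Signer object shipped with WSH 5.6 (assumed to be installed) and assumes the certificate name and script path shown as placeholders.

```vbscript
' Added example: sign a WSH script with the code-signing certificate
' issued by the CA above, then verify the signature chains to a trusted root.
' Assumes WSH 5.6 or later (Scripting.Signer) and that the certificate was
' installed into the current user's store by double-clicking it in IE.
Option Explicit

Dim signer, certName, scriptFile
certName   = "WSH Code Signing"       ' placeholder: the name you gave the certificate request
scriptFile = "C:\Scripts\logon.vbs"   ' placeholder: the script to sign

Set signer = CreateObject("Scripting.Signer")

' Sign the file in place. Omitting the store argument uses the default
' personal store, which matches the "leave the Store blank" step above.
signer.SignFile scriptFile, certName

' VerifyFile returns True only if the signature is intact and the certificate
' chains to a root the machine trusts; False (the second argument) suppresses
' any UI prompt so this can run unattended, e.g. from a logon script.
If signer.VerifyFile(scriptFile, False) Then
    WScript.Echo "Signature OK: " & scriptFile
Else
    WScript.Echo "Signature invalid or CA not trusted: " & scriptFile
End If
```

A client that has not installed your root CA certificate will report the second message, which is a quick way to confirm the trust deployment step worked.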
There is a lot more to certificates than I have covered here. You can download my WSH FAQ root CA certificate from here and if you send me an email I'll even create a certificate from my server for you so that you can try signing your own scripts.
Suggested reading:
Scripting Clinic: Providing a Secure eXPerience
TechNet: Certificates and Authenticode