Deployment Form - Signing

Marc Nemegeer · Sep 7, 2005

Hi,

I want to deploy a fully trusted form. Up to now, I'm using an msi. The IT
department prefers to sign the form.

A looked at the Verisign site, but I'm not sure what kind of certificate I
need. I presume it is a Microsoft Authenticode digital ID.

Is this right ? And I'm correct that when the form comes from this trusted
publisher it will have full trust without installing anything on the client
computer ??

Regards,
Marc

Sheetal D [MSFT] · Sep 7, 2005

Hello Marc,

You need a code signing certificate from Verisign or from some trusted authorities. Once you get the certificate ask the network admin
people to install it. You can also view the certificates issued by trusted authorities which are installed on your system.
To do so:
1) On the command line type "certmgr.msc"
2) This will open up a Certifications window. Go to "Trusted root certification Authorities" --> Certificates.
3) You can view all the trusted certificates here.

Refer the following articles to know more on getting a certificate from trusted authority so that it will be valid on all the machines within the
intranet:

(a) Cryptography for Network and Information Security
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?
url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsch_key_msjr.asp
(b) Setting up a Certificate Authority
http://msdn.microsoft.com/library/d...html/29ff74a2-249a-4ecf-8a2a-ff0ba572e4db.asp
(c) Building an Enterprise Root Certification Authority in Small and Medium Businesses
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/build_ent_root_ca.mspx

Once you make the form fully trusted using certificate you need not have to install anything on the client system.

Hope this helps!

Best Regards,
Sheetal D
Microsoft Developer Support

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Deployment Form - Signing
thread-index: AcWzwL3vSIcJP795TaC4lUy126LmGg==
X-WBNR-Posting-Host: 194.7.246.18
From: "=?Utf-8?B?TWFyYyBOZW1lZ2Vlcg==?=" <[email protected]>
Subject: Deployment Form - Signing
Date: Wed, 7 Sep 2005 08:28:05 -0700
Lines: 15
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.infopath
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.infopath:16718
X-Tomcat-NG: microsoft.public.infopath

Hi,

I want to deploy a fully trusted form. Up to now, I'm using an msi. The IT
department prefers to sign the form.

A looked at the Verisign site, but I'm not sure what kind of certificate I
need. I presume it is a Microsoft Authenticode digital ID.

Is this right ? And I'm correct that when the form comes from this trusted
publisher it will have full trust without installing anything on the client
computer ??

Regards,
Marc

Marc Nemegeer · Sep 7, 2005

thanks, I'll give it a try,
Marc

Sheetal D said:
Hello Marc,

You need a code signing certificate from Verisign or from some trusted authorities. Once you get the certificate ask the network admin
people to install it. You can also view the certificates issued by trusted authorities which are installed on your system.
To do so:
1) On the command line type "certmgr.msc"
2) This will open up a Certifications window. Go to "Trusted root certification Authorities" --> Certificates.
3) You can view all the trusted certificates here.

Refer the following articles to know more on getting a certificate from trusted authority so that it will be valid on all the machines within the
intranet:

(a) Cryptography for Network and Information Security
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?
url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsch_key_msjr.asp
(b) Setting up a Certificate Authority
http://msdn.microsoft.com/library/d...html/29ff74a2-249a-4ecf-8a2a-ff0ba572e4db.asp
(c) Building an Enterprise Root Certification Authority in Small and Medium Businesses
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/build_ent_root_ca.mspx

Once you make the form fully trusted using certificate you need not have to install anything on the client system.

Hope this helps!

Best Regards,
Sheetal D
Microsoft Developer Support

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Deployment Form - Signing
thread-index: AcWzwL3vSIcJP795TaC4lUy126LmGg==
X-WBNR-Posting-Host: 194.7.246.18
From: "=?Utf-8?B?TWFyYyBOZW1lZ2Vlcg==?=" <[email protected]>
Subject: Deployment Form - Signing
Date: Wed, 7 Sep 2005 08:28:05 -0700
Lines: 15
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.infopath
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.infopath:16718
X-Tomcat-NG: microsoft.public.infopath

Hi,

I want to deploy a fully trusted form. Up to now, I'm using an msi. The IT
department prefers to sign the form.

A looked at the Verisign site, but I'm not sure what kind of certificate I
need. I presume it is a Microsoft Authenticode digital ID.

Is this right ? And I'm correct that when the form comes from this trusted
publisher it will have full trust without installing anything on the client
computer ??

Regards,
Marc

Deployment Form - Signing

Marc Nemegeer

Sheetal D [MSFT]

Marc Nemegeer