11/11/2008

The Personal Information Exchange (PFX) certificate is required to digitally sign the System Center Mobile Device Manager (MDM) software package before distribution. This section shows you how to create the .pfx file and use it to sign the .cab file in the section, Scripted Signing of CAB file using the CabSignTool Utility.

To create the PFX certificate, follow these steps:

  1. Create a Code Signing Template by using the Certification Authority console.

  2. Install the Code Signing Certificate from the Certification Authority Web. For example, http://yourCA/certsrv.

  3. Export the .pfx file.

To create a code signing template

  1. From Administrative Tools, open the Certification Authority console.

  2. If you have not yet selected the code signing template for issue, right-click Certificate Templates, select New, and then select Certificate Template to Issue.

  3. Select the Code Signing template, and then choose OK.

  4. On the Certification Authority page, in the navigation pane, right-click Certificate Templates and then select Manage.

  5. On the Certificate Templates page, right-click the Code Signing template and then select Duplicate Template.

  6. The General tab appears. Type a name for the certificate template. On the Request Handling tab, select Allow private key to be exported.

  7. On the Security tab, select the Enroll option in the Allow column for the administrator who is installing the template.

  8. Choose Apply, and then choose OK. Close the Certificate Templates dialog box.

  9. On the Certification Authority page, in the navigation pane, right-click Certificate Templates, select New, and then select Certificate Template to Issue.

  10. Select the newly created template and then choose OK.

To install the code signing certificate from the Certification Authority Web site

  1. From any domain-joined server, open Internet Explorer. In the Address bar, type https://yourCA/certsrv where yourCA is the name or IP address of the certification authority.

  2. Select Request a Certificate, and then select Advanced Certificate Request.

  3. Select Create and Submit a Request to this CA.

  4. On the Advanced Certificate Request page, in the Certificate Template section, select the name of the code-signing template that you created in the previous procedure.

  5. Select the Mark keys as exportable check box.

  6. Select Store certificate in the local computer certificate store.

  7. Choose Submit.

  8. If the Potential Scripting Violation page appears, choose Yes.

  9. On the Certificate Issued page, select Install this certificate. If the Potential Scripting Violation page appears, choose Yes.

The Certificate Installed page appears. Confirm the installation and then close Internet Explorer.

To export the .pfx file

  1. On the server where you installed the code signing certificate, choose Start, choose Run, and then in the Open box, type MMC. Choose OK.

  2. On the Console page, on the File menu, select Add/Remove Snap-in.

  3. On the Add/Remove Snap-in dialog box, choose Add. The Add Standalone Snap-in page appears. Select Certificates and then choose Add.

  4. On the Certificates snap-in page, select Computer account, and then choose Finish. On the Add Standalone Snap-in page, choose Close, and then on the Add/Remove Snap-in page, choose OK.

  5. On the Console page, in the navigation pane, expand Certificates – Local Computer, and then expand Personal.

  6. In the navigation pane, select Certificates.

  7. In the details pane, locate the certification authority certificate file that was issued for the Code Signing template. This file should have the name of your certification authority. Right-click this certificate, select All Tasks, and then choose Export.

  8. The Welcome to the Certificate Wizard dialog box appears. Choose Next to continue.

  9. On the Export Private Key page, select Yes, export the private key. Choose Next.

  10. On the Export File Format page, make sure that you select Personal Information Exchange – PKCS #12 (.PFX). Make sure that you select the Enable strong protection box. Choose Next.

  11. On the Password page, do not supply a password and then choose Next.

  12. On the File to Export page, type the path and file name of the .pfx file. For example, C:\signcert.pfx. Choose Next.

  13. Choose Finish. On the Certificate Export Wizard page, choose OK to confirm that the export was successful.
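
A check you can run after the export, as an added example that is not part of the original procedure: it confirms that the .pfx file carries the private key and the Code Signing enhanced key usage, and lists which accounts can read the file, which matters because the export sets no password. The function name Test-SigningPfx is hypothetical, and the default path is the example path from step 12.

```powershell
# Added example. Test-SigningPfx is a hypothetical helper, not an MDM or CabSignTool command.
function Test-SigningPfx {
    param([string]$Path = 'C:\signcert.pfx')   # example path from the export procedure

    $codeSigningOid = '1.3.6.1.5.5.7.3.3'      # Code Signing enhanced key usage OID
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet

    # The procedure exports without a password, so the file opens with an empty one.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path, '', $flags)
    try {
        # Collect every enhanced key usage OID carried by the certificate.
        $ekus = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
            }
        }

        # Accounts that can open the file; with no password, these ACL entries
        # are the only thing protecting the private key at rest.
        $acl = (Get-Acl -Path $Path).Access |
            ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }

        $now = Get-Date
        New-Object PSObject -Property @{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            Thumbprint     = $cert.Thumbprint
            HasPrivateKey  = $cert.HasPrivateKey
            HasCodeSigning = ($ekus -contains $codeSigningOid)
            InValidity     = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            FileAccess     = $acl
        }
    }
    finally {
        # Release the temporary key container created when the PFX was loaded.
        $cert.Reset()
    }
}

$check = Test-SigningPfx
$check | Format-List Subject, Issuer, Thumbprint, HasPrivateKey, HasCodeSigning, InValidity, FileAccess
if (-not ($check.HasPrivateKey -and $check.HasCodeSigning -and $check.InValidity)) {
    Write-Warning 'The exported file is not usable for signing the .cab file.'
}
```

If FileAccess lists accounts beyond the administrator who performs the signing, tighten the file permissions or move the .pfx file to a restricted folder before you continue.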
