Requesting a Digital Certificate


[This topic covers a procedure for working with the XML digital signatures support implemented in MSXML 5.0 for Microsoft Office Applications. XML digital signatures are not supported in MSXML 6.0 and later.]

Before you use the IXMLDigitalSignature or IXMLDigitalSignatureEx interface to sign an XML document, you must have a digital certificate installed on your machine. To obtain a digital certificate, you must request one from a certificate authority (CA). You can either use an existing CA or set up your own. For instructions on setting up a private CA, see Setting Up a Certificate Authority.

The following steps describe how to request a certificate from a CA running Microsoft Certificate Services, supported on a Windows server machine.

To request a certificate from a certificate authority

  1. Go to the CA by pointing your Web browser to the hosting web server — for example http://myCAServer/CertSrv, where myCAServer is the name of the Web server that also hosts the CA. "CertSrv" is the name of the virtual directory offering the certificate service.

  2. Under Select a task, check Request a certificate. Click Next.

  3. On the Choose Request Type page, select Advanced request. Click Next.

  4. On the Advanced Certificate Requests page, select Submit a certificate request to this CA using a form. Click Next.

  5. On the Advanced Certificate Request page, perform the following tasks:

    1. Fill in Identifying Information as appropriate.

    2. For Intended Purpose, select Code Signing Certificate.

    3. For the CSP entry under Key Options, select "Microsoft Enhanced Cryptographic Provider v1.0" for use with the PROV_RSA_FULL type.

    4. For Key Usage, select Signature.

    5. Select Create new key set, and check the Set the container name checkbox.

    6. Type a name, such as "MyRSAFullKeys", for the Container name field.

      Note

      All the sample files in the Digital Signatures Reference section use "MyRSAFullKeys" as the container name. Therefore, it is recommended that you use this name for testing purposes. If you choose a different name, you will need to supply it to some key handling methods, such as createKeyFromCSP, for the samples to run.

    7. Leave the remaining items with their default settings.

  6. Click Submit to finish the request.

Now your request is pending. Depending on the CA you use, you might need to check the status of the request periodically. If you created your own CA, you will have to issue a certificate for the pending request.

After the certificate has been issued, you can install the certificate.
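
The choices made on the form in step 5 can also be written down as a certreq.exe policy file, which keeps the CSP, key spec, key usage and container name reviewable and repeatable. This is an added example, not part of the original procedure: it assumes a stand-alone CA and Windows PowerShell 5.1, and the subject name, working directory and the CA name inside $CaConfig are placeholders.

```powershell
# Added example. Run as the user who will sign; values marked "assumption" are not from the page.
$ContainerName = 'MyRSAFullKeys'          # container name the page's samples expect
$Subject       = 'CN=XmlDsig Test Signer' # assumption: constructed subject name
$CaConfig      = 'myCAServer\<CA-name>'   # placeholder: the page names only the server

$work = Join-Path $env:TEMP 'xmldsig-req' # assumption: scratch directory
New-Item -ItemType Directory -Path $work -Force | Out-Null
Remove-Item "$work\request.req", "$work\signer.cer" -ErrorAction SilentlyContinue

# Step 5 of the web form expressed as a certreq policy (INF) file.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$Subject"
RequestType = PKCS10
ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
KeyContainer = "$ContainerName"
ProviderType = 1           ; PROV_RSA_FULL
KeySpec = 2                ; AT_SIGNATURE, the form's Signature key usage
KeyUsage = 0x80            ; digitalSignature only
UseExistingKeySet = FALSE  ; create a new key set
MachineKeySet = FALSE      ; key lives in the current user's profile
Exportable = FALSE         ; keep the private key non-exportable

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.3    ; Code Signing
"@
Set-Content -Path "$work\request.inf" -Value $inf -Encoding ASCII

# Generate the key pair in the named container and write the PKCS #10 request.
certreq.exe -new "$work\request.inf" "$work\request.req"
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Submit to the CA. If the CA holds the request as pending, no certificate file is written.
certreq.exe -submit -config $CaConfig "$work\request.req" "$work\signer.cer"
if (-not (Test-Path "$work\signer.cer")) {
    Write-Warning 'Request is pending. Once issued, run: certreq -retrieve <RequestId> signer.cer'
    return
}
certreq.exe -accept "$work\signer.cer"    # install and bind to the pending private key

# Confirm the installed certificate is bound to the expected container, CSP and purpose.
Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -eq $Subject } | ForEach-Object {
    $info = $_.PrivateKey.CspKeyContainerInfo
    [pscustomobject]@{ Thumbprint = $_.Thumbprint; Container = $info.KeyContainerName
                       Provider = $info.ProviderName; KeyNumber = $info.KeyNumber
                       EKU = ($_.EnhancedKeyUsageList.FriendlyName -join ', ') }
}
```

A container name other than MyRSAFullKeys in the final output means the samples will need that name passed to createKeyFromCSP, as the note in step 5 describes.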