Question

I'm currently developing some software that uses XML Signing to transfer files securely between two machines. We're using X.509 certificates from our own CA as keys.

The CA (Windows 2003 server) offers several types of certificates (Email Cert, Server Cert, ...)

Which one of those would I need to generate for XML Signature? To my knowledge, for signing, a cert needs the "digital signing" extension, but how does that map to what Windows Server 2003 offers when filling out a certificate request?

Also helpful would be some pointers to good documentation; Google searches regarding X.509 drown in the white noise of articles concerning other topics around certificates.

Solution

An XML Signature is just the format the signature is stored in; you do not need special key usages for XML Signatures themselves.

OTHER TIPS

I don't have a direct answer, but maybe you can find it on Thawte.com. I use their certs to sign my .NET assemblies without a problem. You can view (and edit) the certificate properties in IE, see below.

[Image: http://heeroz.com/thawte.jpg]

If you open up the Microsoft CA in Administrative Tools, at the bottom of the tree you will see Certificate Templates. Right-click and you will get the option to Manage. Select this.

A new window will open with all the certificate templates listed. You will then be able to view their properties. These will be presented as a tabbed display. On one of the tabs will be listed the purposes. Here you will see things like signing or key encipherment. You will be able to choose which template to use. A server one should be fine.

I'd be more exact, but I haven't the CA in front of me.

Having selected which one to use, make sure it is published.

Go to the first window and see if it's in the list of published templates.

If not, right-click on Manage templates and from All Tasks select Publish. This will give you the option to publish.
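
Added example (not part of any answer above): a PowerShell check that reads the Key Usage and Enhanced Key Usage extensions from a certificate issued off a template, so you can see whether the digitalSignature bit the question asks about is actually set. The file path and the function name `Get-SigningSuitability` are assumptions for illustration.

```powershell
# Added example. The default path is a placeholder (assumption); point it at
# a certificate exported from the CA after enrolling with the chosen template.
param([string]$Path = 'C:\certs\xmlsign.cer')

function Get-SigningSuitability {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $ns = 'System.Security.Cryptography.X509Certificates'
    $sigBits = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature -bor
               [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::NonRepudiation

    # OID 2.5.29.15 = Key Usage. If the extension is absent, the certificate
    # places no restriction on how the key may be used.
    $keyUsage = 'none (unrestricted)'
    $allowsSigning = $true
    $raw = $Cert.Extensions['2.5.29.15']
    if ($raw) {
        $ku = New-Object "$ns.X509KeyUsageExtension" -ArgumentList $raw, $raw.Critical
        $keyUsage = $ku.KeyUsages.ToString()
        $allowsSigning = (([int]$ku.KeyUsages) -band $sigBits) -ne 0
    }

    # OID 2.5.29.37 = Enhanced Key Usage, the "purposes" shown on the template.
    $purposes = @()
    $rawEku = $Cert.Extensions['2.5.29.37']
    if ($rawEku) {
        $eku = New-Object "$ns.X509EnhancedKeyUsageExtension" -ArgumentList $rawEku, $rawEku.Critical
        foreach ($oid in $eku.EnhancedKeyUsages) {
            $purposes += ('{0} ({1})' -f $oid.FriendlyName, $oid.Value)
        }
    }

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        KeyUsage      = $keyUsage
        AllowsSigning = $allowsSigning
        Purposes      = ($purposes -join '; ')
        # True only when the certificate was loaded from a store or PFX with its key.
        HasPrivateKey = $Cert.HasPrivateKey
    }
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
Get-SigningSuitability $cert | Format-List
```

Run it against the certificate the signer will use; the verifying side only needs the public certificate, so `HasPrivateKey` being false there is expected.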

Licensed under: CC-BY-SA with attribution