Walkthrough: Request a Digital Certificate from Certificate Server or create a testing Digital Certificate to sign a Package

This topic describes how to request a digital certificate from a certificiate server(CA), or create a testing only digital certificate, and then use the digital certificate to sign an Integration Services package.

Request a Code Signing certificate using the Active Directory Certificate Services web interface.

  • 1. Open the Internet Explorer(IE)
  • 2. Type the URL for the Active Directory Certificate Services web interface(e.g. http(s)://CAServerName/certsrv, where CAServerName is the DNS name of your CA server).
  • 3. Click "Request a certificate" in the home page.
  • 4. In the new page, click "advanced certificate request"
  • 5. In the new page, click "Create and submit a request to this CA"
  • 6. In the "Advanced Certificate Request" page, select "Code Signing" from the "Certificate Template", and then fill the other options(Optional)
  • 7. Click "Submit" to request and install the certificate.

Request a Code Signing certificate using Certificate Management Console

  • 1. Open the Management Console(MMC) by typing "mmc" in the Start > Run
  • 2. In the MMC windows, click "File", and then click "Add/Remove Snap-in..."
  • 3. In the "Add or Remove Snap-ins" dialog, please select "Certificates"
  • 4. Click "Add>"
  • 5. In the coming dialog "Certificates snap-in", select "My user account", and then click "Finish".
  • 6. Click "OK"
  • 7. Expand the Certificates
  • 8. Right-click "Personal", and then select "All Tasks" > "Request a New Certificate"
  • 9. In the "Certificate Enrollment" dialog, click "Next"
  • 10. In the "Select Certificate Enrollment Policy", please select the available template, and then click "Next".
  • 11. Now, the "Request Certificates" is shown. Please select "Code Signing", and then click "Enroll".
  • 12. In the next dialog, click "Finish" to finish the request. The certificate will be installed to the Personal store automatically.

Create your own Code Signing certificate

  • 1. Open the Command window.
  • 2. Create a root certificate using the following command:

makecert -n "CN=SSIS Root Certificate" -a sha1 -eku -r -sv root.pvk root.cer -ss Root -len 1024 -sr localMachine

  • 3. Create a client certificate using the following command.

makecert -pe -n "CN=SSIS Code Signing Certificate" -ss MY -a sha1 -eku -iv root.pvk -ic root.cer


Install the certificate to Personal store.

Note: Generally, after we finish the request, the certificate will be installed to Personal store automatically. Please use the Certificate snap-in to check that. If it is not installed, please request the certificate again.


Sign the package by using the certificate in BIDS.

  • 1. In Business Intelligence Development Studio, open the Integration Services project that contains the package to be signed.
  • 2. In Solution Explorer, double-click the package to open it.
  • 3. In SSIS Designer, on the SSIS menu, clickDigital Signing.
  • 4. In the Digital Signing dialog box, click Sign.
  • 5. In the Select a Certificate dialog box, select a certificate.
  • 6. (Optional) Click View Certificate to view certificate information.
  • 7. Click OK to close the Select a Certificate dialog box.
  • 8. Click OK to close the Digital Signing dialog box.
  • 9. To save the updated package, click Save Selected Items on the File menu.