Supporting Digital Signatures in Browser Forms

Digital signatures can be used in Office InfoPath 2007 browser forms to sign sections of data. However, the certificate that you use must be installed on both the client and SharePoint server machines. On the client machine, the certificate must reside in the user’s Personal certificate store. On the SharePoint server machine, the certificate must reside in the Trusted Root Certification Authorities certificate store. Otherwise, you could see the following error in the browser when attempting to digitally sign data:

Digital Signature Error

If you need to move a certificate from one machine to another, you can use the Internet Options dialog box in Internet Explorer to perform the export/import operations. When exporting a certificate, ensure that you also export the private key and include all certificates in the certification path. In the following example, I will export the certificate from the client machine.

To export the certificate:

  1. In Internet Explorer, click Tools | Internet Options.
  2. In the Internet Options dialog box, click the Content tab.
  3. Click Certificates and then click the Personal tab.
  4. Select the appropriate certificate and click Export.
  5. In the first page of the Certificate Export Wizard, click Next.
  6. In the next page of the Certificate Export Wizard, click Yes, export the private key and click Next.
    Export the Private Key
  7. In the next page of the Certificate Export Wizard, select the Include all certificates in the certification path if possible check box and click Next.
    Include All Certificates
  8. In the next page of the Certificate Export Wizard, type and confirm a password and click Next.
  9. In the next page of the Certificate Export Wizard, click Browse, save the certificate as a .pfx file, and then click Next in the wizard.
  10. In the last page of the Certificate Export Wizard, click Finish.
  11. Click OK in the dialog box indicating that the export was successful.
  12. In the Certificates dialog box, click Close.
  13. In the Internet Options dialog box, click OK.

You can then move the .pfx file to the SharePoint server machine. On that machine, you would then import the certificate into the Trusted Root Certification Authorities certificate store.

To import the certificate:

  1. In Internet Explorer, click Tools | Internet Options.
  2. In the Internet Options dialog box, click the Content tab.
  3. Click Certificates and then click the Trusted Root Certification Authorities tab.
  4. Click Import.
  5. In the first page of the Certificate Import Wizard, click Next.
  6. In the next page of the Certificate Import Wizard, click Browse, locate and then double-click the .pfx file, and then click Next in the wizard.
  7. In the next page of the Certificate Import Wizard, type the password and click Next.
  8. In the next page of the Certificate Import Wizard, click Next to place the certificate in the Trusted Root Certification Authorities certificate store.
  9. In the last page of the Certificate Import Wizard, click Finish.
  10. In the Security Warning dialog box, click Yes to install the certificate.
  11. Click OK in the dialog box indicating that the import was successful.
  12. In the Certificates dialog box, click Close.
  13. In the Internet Options dialog box, click OK.

Leave a Reply

Your email address will not be published. Required fields are marked *