ok I re-read what you told me to do and have made major progress.

My mistake was that that i wasn't browsing the certserv site from http://localhost on the Certificate services box and was using my std. read email/browse the web account. doh doh doh. Sorry.

So I'm now offerd the chance to create a Code Signing certificate.

But....

Am not offered RSA/AEs as a provider, so am opting for MS Enhanced Cryptographic.

The "Mark keys as exportable" check box is disabled, am guessing this is a big issue. So i can't check it.

The Request formats on offer are CMC & PKCS10, not sha512

When I make the request the certificate is automaticaly issued. So i don't have to authorise the requests.

When I browse "View the status of pending request" There are no certs on offer. Instead I can browse Download a CA Certificate. But my Code signing Cert is not there, just something that appears to be the root certificate for the domain.

However, the code signing cert was issues and i managed to export from the Certificates MMC for the logged on user. But I was not allowed to export the private key.

SO i've still screwed up somewhere.