Solved

Enterprise CA - Code Signing Certificate

Posted on 2009-05-12
4
780 Views
Last Modified: 2012-05-06
Is there a way to get a code signing certificate for using in MS Office that is not a user certificate?

Something that can be deployed/recognized domain wide using W2k3 Enterprise Edition Certificate Authority.

Not sure what else to ask, so if you have questions let me know.
0
Comment
Question by:TheCleaner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24368774
There is a default template called "code signing" that you can use or duplicate if you want to change options for it in the Certificate Templates MMC.  This is not normally assigned to the CA, so you need to go into the Certification Authorities MMC - select the Certificate Templates folder - right click - new - certificate template to issue - select the code signing template (or duplicated template based on that).  You may need to wait a few minutes for AD to replicate.

You can then go to the certsrv page and select the first option twice and it should show up in the template list dropdown menu.  If it isn't there try back a few minutes later (AD replication).

If you need to check permissions, do so on the security tab of the template in the Cerificate Templates MMC.  Again, AD replication time..
0
 
LVL 23

Author Comment

by:TheCleaner
ID: 24369827
Paranormastic,

I thought that was simply to allow users to get code signing certificates.  I'm trying to find a way to have a single "Company A" code signing certificate that all users inside the company can use to sign code with that will be trusted by all other users inside the company automatically.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24377326
Yes, when you do the request you can modify what the issued name is to display - instead of the user's actual name you can put in the company name.

Note that if this is used outside of your company, you might consider shelling out the cash for a commercial code signing cert - comodo has pretty decent prices for these.  If you are looking for windows kernel driver certification, then you may need to select from a specific list of about 5 CAs (comodo is not one of them) - for this I would recommend geotrust for price, or Verisign even though they are pretty spendy.

When you code sign, you might want to look into a timestamping service as well so that when the code signing cert expires the timestamp will keep it valid.  There are free timestamping services out there if you look around, although you may need to wait a day or so to get the stamped file back.  If that timeframe isn't acceptable then go with a paid service - if you get a commercial cert the timestamping is usually included as part of the price but you might just want to doublecheck with their sales or support if you're not sure.
0
 
LVL 23

Author Comment

by:TheCleaner
ID: 24390674
OK thanks...that helps me at least solidify my understanding of it.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question