Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Enterprise CA - Code Signing Certificate

Posted on 2009-05-12
4
Medium Priority
?
791 Views
Last Modified: 2012-05-06
Is there a way to get a code signing certificate for using in MS Office that is not a user certificate?

Something that can be deployed/recognized domain wide using W2k3 Enterprise Edition Certificate Authority.

Not sure what else to ask, so if you have questions let me know.
0
Comment
Question by:TheCleaner
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24368774
There is a default template called "code signing" that you can use or duplicate if you want to change options for it in the Certificate Templates MMC.  This is not normally assigned to the CA, so you need to go into the Certification Authorities MMC - select the Certificate Templates folder - right click - new - certificate template to issue - select the code signing template (or duplicated template based on that).  You may need to wait a few minutes for AD to replicate.

You can then go to the certsrv page and select the first option twice and it should show up in the template list dropdown menu.  If it isn't there try back a few minutes later (AD replication).

If you need to check permissions, do so on the security tab of the template in the Cerificate Templates MMC.  Again, AD replication time..
0
 
LVL 23

Author Comment

by:TheCleaner
ID: 24369827
Paranormastic,

I thought that was simply to allow users to get code signing certificates.  I'm trying to find a way to have a single "Company A" code signing certificate that all users inside the company can use to sign code with that will be trusted by all other users inside the company automatically.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 1500 total points
ID: 24377326
Yes, when you do the request you can modify what the issued name is to display - instead of the user's actual name you can put in the company name.

Note that if this is used outside of your company, you might consider shelling out the cash for a commercial code signing cert - comodo has pretty decent prices for these.  If you are looking for windows kernel driver certification, then you may need to select from a specific list of about 5 CAs (comodo is not one of them) - for this I would recommend geotrust for price, or Verisign even though they are pretty spendy.

When you code sign, you might want to look into a timestamping service as well so that when the code signing cert expires the timestamp will keep it valid.  There are free timestamping services out there if you look around, although you may need to wait a day or so to get the stamped file back.  If that timeframe isn't acceptable then go with a paid service - if you get a commercial cert the timestamping is usually included as part of the price but you might just want to doublecheck with their sales or support if you're not sure.
0
 
LVL 23

Author Comment

by:TheCleaner
ID: 24390674
OK thanks...that helps me at least solidify my understanding of it.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Screencast - Getting to Know the Pipeline

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question