Solved

Enterprise CA - Code Signing Certificate

Posted on 2009-05-12
4
764 Views
Last Modified: 2012-05-06
Is there a way to get a code signing certificate for using in MS Office that is not a user certificate?

Something that can be deployed/recognized domain wide using W2k3 Enterprise Edition Certificate Authority.

Not sure what else to ask, so if you have questions let me know.
0
Comment
Question by:TheCleaner
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
Comment Utility
There is a default template called "code signing" that you can use or duplicate if you want to change options for it in the Certificate Templates MMC.  This is not normally assigned to the CA, so you need to go into the Certification Authorities MMC - select the Certificate Templates folder - right click - new - certificate template to issue - select the code signing template (or duplicated template based on that).  You may need to wait a few minutes for AD to replicate.

You can then go to the certsrv page and select the first option twice and it should show up in the template list dropdown menu.  If it isn't there try back a few minutes later (AD replication).

If you need to check permissions, do so on the security tab of the template in the Cerificate Templates MMC.  Again, AD replication time..
0
 
LVL 23

Author Comment

by:TheCleaner
Comment Utility
Paranormastic,

I thought that was simply to allow users to get code signing certificates.  I'm trying to find a way to have a single "Company A" code signing certificate that all users inside the company can use to sign code with that will be trusted by all other users inside the company automatically.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
Comment Utility
Yes, when you do the request you can modify what the issued name is to display - instead of the user's actual name you can put in the company name.

Note that if this is used outside of your company, you might consider shelling out the cash for a commercial code signing cert - comodo has pretty decent prices for these.  If you are looking for windows kernel driver certification, then you may need to select from a specific list of about 5 CAs (comodo is not one of them) - for this I would recommend geotrust for price, or Verisign even though they are pretty spendy.

When you code sign, you might want to look into a timestamping service as well so that when the code signing cert expires the timestamp will keep it valid.  There are free timestamping services out there if you look around, although you may need to wait a day or so to get the stamped file back.  If that timeframe isn't acceptable then go with a paid service - if you get a commercial cert the timestamping is usually included as part of the price but you might just want to doublecheck with their sales or support if you're not sure.
0
 
LVL 23

Author Comment

by:TheCleaner
Comment Utility
OK thanks...that helps me at least solidify my understanding of it.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Learn about cloud computing and its benefits for small business owners.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now