Solved

Enterprise CA - Code Signing Certificate

Posted on 2009-05-12
4
771 Views
Last Modified: 2012-05-06
Is there a way to get a code signing certificate for using in MS Office that is not a user certificate?

Something that can be deployed/recognized domain wide using W2k3 Enterprise Edition Certificate Authority.

Not sure what else to ask, so if you have questions let me know.
0
Comment
Question by:TheCleaner
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24368774
There is a default template called "code signing" that you can use or duplicate if you want to change options for it in the Certificate Templates MMC.  This is not normally assigned to the CA, so you need to go into the Certification Authorities MMC - select the Certificate Templates folder - right click - new - certificate template to issue - select the code signing template (or duplicated template based on that).  You may need to wait a few minutes for AD to replicate.

You can then go to the certsrv page and select the first option twice and it should show up in the template list dropdown menu.  If it isn't there try back a few minutes later (AD replication).

If you need to check permissions, do so on the security tab of the template in the Cerificate Templates MMC.  Again, AD replication time..
0
 
LVL 23

Author Comment

by:TheCleaner
ID: 24369827
Paranormastic,

I thought that was simply to allow users to get code signing certificates.  I'm trying to find a way to have a single "Company A" code signing certificate that all users inside the company can use to sign code with that will be trusted by all other users inside the company automatically.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24377326
Yes, when you do the request you can modify what the issued name is to display - instead of the user's actual name you can put in the company name.

Note that if this is used outside of your company, you might consider shelling out the cash for a commercial code signing cert - comodo has pretty decent prices for these.  If you are looking for windows kernel driver certification, then you may need to select from a specific list of about 5 CAs (comodo is not one of them) - for this I would recommend geotrust for price, or Verisign even though they are pretty spendy.

When you code sign, you might want to look into a timestamping service as well so that when the code signing cert expires the timestamp will keep it valid.  There are free timestamping services out there if you look around, although you may need to wait a day or so to get the stamped file back.  If that timeframe isn't acceptable then go with a paid service - if you get a commercial cert the timestamping is usually included as part of the price but you might just want to doublecheck with their sales or support if you're not sure.
0
 
LVL 23

Author Comment

by:TheCleaner
ID: 24390674
OK thanks...that helps me at least solidify my understanding of it.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question