Code Signing Certificates with our Internal CA.

Hi All

We have a PKI infrastructure setup here and have recently looked into signing our powershell scripts and locking down the Powershell Console.

What I would like to know is: Is it possible to enrol a code signing certificate to an AD Group, rather than a specific user?

We have quite a few people who write powershell scripts and enrolling each person and pushing out the public key through GPO trusted Publishers would be a night mare to administer.

If we could just enrol the group, hat would make it a lot easier. I hope i made my self clear enough

Many Thanks

SRFT
IM&T SRFTAsked:
Who is Participating?
 
footechConnect With a Mentor Commented:
To the best of my knowledge, no this is not possible.  A code signing cert is issued to a user.  One option you do have though is to modify the template so that under the Subject Name tab, check "Supply in the request".  Then you can request a certificate and supply a generic name.  Then you could export this certificate and supply it to all the users that you want to be able to sign scripts (or other code) with it.  They could then install the certificate into their own user store.
0
 
IM&T SRFTAuthor Commented:
Great, thank you. I'll give that a try :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.