Getting Code-Signing Certificate

Scope: Easy2Patch (All Versions)

Create Code-Signing Certificate Template

To create a Code Signing certificate template in Windows Server Certification Authority, follow these steps:

  1. Open the Certification Authority snap-in on your Windows Server.

  2. Right-click the Certificate Templates folder, and select Manage.

  3. In the Certificate Templates console, right-click Code Signing, and select Duplicate Template.

  4. In the Duplicate Template dialog box, select Windows Server 2003 Enterprise as the template type.

  5. In the General tab of the Properties dialog box, enter a unique name for the new template, such as "Code Signing 2019".

  6. In the Request Handling tab, select "Allow private key to be exported".

  7. In the Subject Name tab, select "Supply in the request".

  8. In the Extensions tab, select "Application Policies" and click Edit.

  9. In the Application Policies Properties dialog box, select "Code Signing" and click OK.

  10. In the Security tab, add the appropriate users or groups who will be able to enroll for this certificate template.

  11. Click OK to save the template.

  12. Right-click the Certificate Templates folder, select New, and select Certificate Template to Issue.

  13. In the Enable Certificate Templates dialog box, select the new Code Signing certificate template that you just created.

  14. Click OK to close the dialog box.

After completing these steps, the Code Signing certificate template will be available for users or groups to enroll and obtain a code signing certificate from your Certification Authority.

Request Code-Signing Certificate

To request a code signing certificate from a Windows Server Certification Authority (CA), you can follow the steps below:

  1. Open the Certificates snap-in for the Microsoft Management Console (MMC). You can do this by pressing the Windows key + R on your keyboard, typing "certlm.msc" in the Run dialog box, and pressing Enter.

  2. Click Personal, then select Certificates in the Local Machine certificate repository.

  3. Right-click the Certificates folder.

  4. Select All Tasks > Request New Certificate

  5. In the Certificate Enrollment wizard, select "Active Directory enrollment policy".

  6. Select "Code Signing" (the template created previously) as the certificate template and click Next.

  7. Click the More Information link.

  8. In the Certificate Information window, provide the required information for the certificate, such as the Common Name and Organization.

  9. Click the Details button to specify any additional information that you want to include in the certificate request, such as the Key Usage and Extended Key Usage.

  10. Click Next to continue.

  11. Submit the certificate request file to the Windows Server Certification Authority.

Note: The steps may vary slightly depending on the version of Windows Server you are using.

Installing Code Signing Certificate

General steps to import a code signing certificate to a local machine repository:

  1. Open the Microsoft Management Console (MMC) by typing "mmc" in the Windows search bar and pressing Enter.

  2. Click on "File" in the top left corner and select "Add/Remove Snap-in".

  3. Select "Certificates" and click on "Add".

  4. Choose "Computer account" and click on "Next".

  5. Select "Local computer" and click on "Finish".

  6. Click on "OK" to close the Add/Remove Snap-in window.

  7. Expand the "Certificates (Local Computer)" folder and right-click on "Personal".

  8. Select "All Tasks" and then "Import".

  9. Follow the import wizard to browse and select the code signing certificate file and complete the import process.

  10. After the import is completed, the code signing certificate should be available in the local machine repository under the "Personal" folder.

Note: The exact steps may vary depending on the operating system and version of the MMC being used. It is also important to ensure that the code signing certificate is valid and issued by a trusted Certificate Authority (CA).

The Code-Signing certificate to be used must be located under LocalComputer\My (Personal). Do not continue until the certificate has been imported into this repository.
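
One way to confirm this requirement from PowerShell, as an added example that is not part of the Easy2Patch documentation: it lists the certificates in LocalMachine\My that carry the Code Signing EKU and reports whether each has a private key, is inside its validity period, and chains to a trusted root. The output property names are chosen for this example.

```powershell
# Added example: audit code-signing certificates in the Local Computer "Personal" store.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # OID of the Code Signing enhanced key usage
$now = Get-Date

$results = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Locate the Enhanced Key Usage extension, if the certificate has one.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # Skip certificates that do not list Code Signing explicitly.
    if (-not ($eku.EnhancedKeyUsages.Value -contains $codeSigningOid)) { continue }

    # Build the chain against the machine trust stores. Revocation checking
    # uses the .NET default (online), so an unreachable CRL is reported as a
    # chain problem instead of being ignored.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    $chain.Dispose()

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey   # signing requires the private key
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainTrusted  = $chainOk
        ChainStatus   = $chainStatus          # empty when the chain built cleanly
    }
}

if (-not $results) {
    Write-Warning 'No certificate with the Code Signing EKU was found in LocalMachine\My.'
} else {
    $results | Format-List
    # A certificate is usable for signing only if every check passes.
    $usable = $results | Where-Object { $_.HasPrivateKey -and $_.InValidity -and $_.ChainTrusted }
    if (-not $usable) {
        Write-Warning 'Code-signing certificates exist, but none passes all checks.'
    }
}
```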
