Have you ever needed a code signing certificate to sign a Powershell script or other piece of software within your organisation?

One of the great things about Enterprise PKI within an Active Directory environment is the ability to generate certificates for all manor of different purposes. You might want a certificate for S/MIME email, an SSL certificate for an internal web server or just a code signing certificate for internal software or scripts. All these tasks can take as little as 30 seconds.

I am going to take you through getting a code signing certificate that can be used to sign your software or scripts within your organisation.

Open up the Microsoft Management Console (mmc.exe)

Go to File > Add/Remove Snap-in… and add the Certificates snap-in.

Open up Certificates – Current User node and then on the Personal node right click and go to All Tasks > Request New Certificate…

You will see the certificate enrollment wizard appear. Click Next

Select the Active Directory Enrollment Policy and click Next. (If the AD enrollment policy doesn’t appear then your computer isn’t in a domain environment where IT support have setup an Enterprise PKI environment and unfortunately you will need to use a different method)

Select the Code Signing enrollment policy and click Enroll. (If the code signing enrollment policy isn’t available then your system support have decided not to allow you to request code signing certificates using the Enterprise PKI and you will have to find a different method)

You should hopefully get a success message.

A new certificate should have appeared in the certificates snap-in of the Microsoft Management Console under the personal node.

You can now use this certificate to sign software or scripts.