06 Feb

Create a Code Signing Certificate in 30 Seconds

Have you ever needed a code signing certificate to sign a PowerShell script or other piece of software within your organisation?

One of the great things about Enterprise PKI within an Active Directory environment is the ability to generate certificates for all manner of different purposes. You might want a certificate for S/MIME email, an SSL certificate for an internal web server or just a code signing certificate for internal software or scripts. All these tasks can take as little as 30 seconds.

I am going to take you through getting a code signing certificate that can be used to sign your software or scripts within your organisation.

Open up the Microsoft Management Console (mmc.exe).

Go to File > Add/Remove Snap-in… and add the Certificates snap-in.

Expand the Certificates – Current User node, then right-click the Personal node and go to All Tasks > Request New Certificate…

You will see the certificate enrollment wizard appear. Click Next.

Select the Active Directory Enrollment Policy and click Next. (If the AD enrollment policy doesn’t appear then your computer isn’t in a domain environment where IT support have set up an Enterprise PKI environment and unfortunately you will need to use a different method.)

Select the Code Signing enrollment policy and click Enroll. (If the code signing enrollment policy isn’t available then your system support have decided not to allow you to request code signing certificates using the Enterprise PKI and you will have to find a different method.)

You should hopefully get a success message.

A new certificate should have appeared in the Certificates snap-in of the Microsoft Management Console under the Personal node.

You can now use this certificate to sign software or scripts.
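
As an added example (not part of the original post), this PowerShell script picks the newly enrolled certificate from the Current User Personal store, signs a script with it, verifies the signature, and then confirms that editing the file afterwards invalidates it. The file name signing-demo.ps1 and its contents are constructed for the demonstration.

```powershell
# Added example: sign and verify a script with the certificate enrolled above.
$ErrorActionPreference = 'Stop'

# -CodeSigningCert keeps only certificates whose EKU includes Code Signing.
# Also require a private key and a validity period that covers today.
$now  = Get-Date
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw 'No usable code signing certificate in Cert:\CurrentUser\My (missing, expired, or no private key).'
}
"Using $($cert.Subject), thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)"

# Constructed sample script to sign (assumption: any .ps1 file works the same way).
$script = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $script -Value 'Write-Output "hello from a signed script"'

# Request SHA-256 explicitly rather than relying on the PowerShell version's default.
$signed = Set-AuthenticodeSignature -FilePath $script -Certificate $cert -HashAlgorithm SHA256
"After signing:   $($signed.Status) $($signed.StatusMessage)"

# Verify from disk, and confirm the signer is the certificate we selected.
$check = Get-AuthenticodeSignature -FilePath $script
if ($check.Status -ne 'Valid') {
    throw "Signature did not validate: $($check.Status) - $($check.StatusMessage)"
}
if ($check.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw 'File is signed, but not by the expected certificate.'
}

# Change the script body without re-signing; verification must now fail.
$body = Get-Content -Path $script -Raw
Set-Content -Path $script -Value $body.Replace('hello', 'tampered') -NoNewline
$tampered = Get-AuthenticodeSignature -FilePath $script
"After tampering: $($tampered.Status)"
if ($tampered.Status -eq 'Valid') {
    throw 'Modified file still reports a valid signature.'
}

Remove-Item -Path $script
```

A `Valid` status depends on the verifying machine trusting the issuing CA chain, which domain-joined machines normally do for an Enterprise CA.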