Code Signing Certificate

Home Forums Server Operating Systems Windows Server 2008 / 2008 R2 Code Signing Certificate

Viewing 1 post (of 1 total)
  • Author

  • shmengie

    So, our programmers need a code signing certificate. Before I go out and buy one, I thought I’d see what I can do in-house, seeing as we have a paid-for root certificate and all.

    It’s easy enough to export a pfx from the root cert, and that tests fine for them. But, I don’t want them with a private key cert to an app they’re writing that will have carte blanche on the domain. So, what I’d like to try is this: Edit the root cert, unchecking all roles except for code signing, and export it like that. Then, immediately re-edit the root cert and put all the roles back. Will that work? I feel like it won’t, but I can’t say why. And I’m hesitant to try it. We use that root cert for our radius server, among other things, and am not interested in messing it up.

    I can also export a .cer from a public cert. I’ve looked around for “convert cer to pfx,” but that doesn’t look like a real thing. There’s some how-to’s, but I’m not having any luck.

    Yeah, I know, those code signing certs are pretty cheap to buy. How else am I gonna learn, though? :)

    Anyone have any experience with this? Any input is totally appreciated.


Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: