Code Signing Certificate for use by a Team
Hi All,

I'm hoping someone can point me in the right direction. I want to generate a code signing certificate that a team of guys writing some PowerShell scripts can use to sign the scripts. I have figured out how to issue code signing certificates to individuals, but am not sure how to create a certificate that can be used by the whole team. I'd like to sign the scripts with a common certificate and not have us each signing the scripts individually.

I have an enterprise PKI (Microsoft Certificate Services) installed in the infrastructure and want to use a certificate that is issued by this infrastructure. I know how to solve the above problem if I use makecert.exe and generate certificates, and I know how to get them published via group policy to client machines, but it seems to me that instead of working outside of the enterprise PKI, I should use it.

Any advice or direction appreciated. Thanks.
February 17th, 2010 7:03pm

I would create a custom Code Signing certificate template that implements:

1) Code signing only
2) Stores the certificate on a smart card
3) Creates a custom subject name (allowing you to put CompanyName Code Signing as the subject)
4) Implement time stamping internally or through a service

You could then keep the smart card and PIN in a safe, and pull it out when you need to sign code (after testing of course).

Within your organization, the code would be trusted.

If you need to go outside of your org, you need to purchase the certificate from a commercial vendor.

Brian
February 17th, 2010 7:44pm
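
The signing step from the answer above, as an added example that is not part of the original thread: it picks the shared smart-card certificate by the subject Brian suggests, signs each script with a timestamp, and checks the result. The timestamp URL and script folder are placeholder assumptions.

```powershell
# Added example, not from the thread. Values marked "assumption" are placeholders.
$subject      = 'CompanyName Code Signing'           # subject name from the custom template
$timestampUrl = 'http://timestamp.example.internal'  # assumption: your timestamp service
$scriptDir    = 'C:\Release\Scripts'                 # assumption: folder of tested scripts

# With the smart card inserted, its certificate shows up in the user's
# personal store. -CodeSigningCert keeps only certificates valid for code signing.
$now = Get-Date
$candidates = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object {
        $_.Subject -like "*CN=$subject*" -and
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now
    })

# Refuse to guess: a personal code signing certificate in the same store
# must not be picked up in place of the team certificate.
if ($candidates.Count -ne 1) {
    throw "Expected exactly one usable '$subject' certificate, found $($candidates.Count)."
}
$cert = $candidates[0]

foreach ($file in Get-ChildItem -Path $scriptDir -Filter *.ps1) {
    # The card prompts for its PIN when the private key is used.
    # The timestamp keeps the signature verifiable after the certificate expires.
    $null = Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert `
        -TimestampServer $timestampUrl -HashAlgorithm SHA256

    # Re-read the signature from disk instead of trusting the signing call.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    if ($sig.Status -ne 'Valid') {
        throw "$($file.Name): signature status is $($sig.Status): $($sig.StatusMessage)"
    }
    if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
        throw "$($file.Name): signed by an unexpected certificate."
    }
    if (-not $sig.TimeStamperCertificate) {
        throw "$($file.Name): signature carries no timestamp."
    }
    "{0} signed by {1}" -f $file.Name, $sig.SignerCertificate.Subject
}
```

The Valid status depends on the signing machine trusting the issuing CA, which is already the case for domain members of an enterprise PKI.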

Many thanks Brian. This looks exactly like a process that could work for my situation. Two questions:

1) I don't know much about smart cards. Are they something I can buy just a handful of for this purpose, and are there any key technical specs I should be aware of for a card that is suitable for storing certificates on? I like the idea of using a smart card for our situation; that would work well. A quick Internet search comes up with a daunting list of options.

2) Can you point me towards any guidance on creating a custom template? (I'll jump into some search engines and see what I can find also.)

Thanks.

James.
February 17th, 2010 8:32pm

I would recommend any cards that use Microsoft Base CSP. These implement mini-drivers that download automatically from Microsoft Update.

Look at my Certificate Templates whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx

Brian
February 17th, 2010 11:31pm

Many thanks Brian. This looks like just what I need.
February 18th, 2010 11:26pm

Hi Brian, is this certificate only for one code, or can it be used with different code also?

Manish
August 17th, 2012 8:41am

This topic is archived. No further replies will be accepted.
