Create a software publish certificate to digitally sign all msi
The person in charge of the Certificate authority in our organization is on medical leave so i have been given the following certificate task.
lease create a Software Publish Certificate for Software distribution to digitally sign all msi?s and msp built inhouse at Powerdrive.
A single certificate is required that can be incorporate into all Powerdrive/msp?s that will identify Powerdrive as the publisher. This will be required to allow management of software with Applocker Rules.
The certificate will be required by Aug 24/2012 as part of the move to SCCM 2012 project
For any additional info or testing please contact myself.
I have done some research into this and have found that i can create a certificate using makecert and then use signtool to digitally sign the msi but they say that makecert should only be used for testing purposes and i should get a thawte cert. I don't
think that is true if this is for only for inhouse apps. Could someone point me in the right direction. Excuse me for my lack of knowledge in this area
lars
August 1st, 2012 11:33am
thanks for the info. I notice in a lot of the documentation that you can use makecert to test certs but doesn't say anything about using it for production. But i notice one of the switches is
-$ CertificateAuthorite
which implies that this can be used for production intranet digital signing. thanks
Type of
certification authority. CertificateAuthority must be set to either
commercial (for certificates to be used by commercial software publishers) or
individual (for certificates to be used by individual software publishers)
lars
Free Windows Admin Tool Kit Click here and download it now
August 2nd, 2012 5:04pm
Hi Lars,
Thanks for sharing.
If we only need to use the certificate within the bounds of our organizational network, and do not need to have the certificate being recognized by those outside of our organization, we can use the MakeCert program, because they do not require a purchase from
a CA.
Here are some articles for your reference:
Acquire a Code Signing Certificate
http://technet.microsoft.com/en-us/library/cc732597(v=ws.10).aspx
How to: Create Your Own Test Certificate
http://msdn.microsoft.com/en-us/library/ff699202.aspx
Certificate selection and requirements
http://technet.microsoft.com/en-us/library/gg188582
Regards
Kevin
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
August 2nd, 2012 10:44pm
Hi Lars,
Just checking to see how is the troubleshooting going. Please feel free to let us know if you would like further assistance.
Regards
Kevin
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2012 10:33pm
Hi Lars,
Glad to hear that you found the answer. Thank you for sharing it with us.
Regards
Kevin
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
August 9th, 2012 9:52pm