Active Directory with Certification Authority installed and configured. Your workstation should be domain-joined. Well, you could issue a code signing certificate on your CA and export the root certificate plus the code signing certificate and later import it in your local certificate store, but that’s another story which i won’t cover in this article.
Request new Code Signing Certificate
On your domain-joined workstation, open an MMC-instance
Using File menu -> Add or Remove Snap-ins (or hit Ctrl-M) in Available snap-ins select Certificates and click on Add, then when asked for This snap-in will always manage certificates for: select My user account and click on Finish
Now expand Certificates – Current User then Personal then right-click Certificates then click on All Tasks then select Request New Certificate…
click on Next
click on Next
Code Signing certificate is not available
If you can select the Code Signing Template, proceed to the next step.
Now if you can’t find the Code Signing certificate template, check Show all templates
Scroll down and find Code Signing but with the message
The requested certificate template is not supported by this CA.
A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted
no problem, read how to Enable Code Signing template on your Certification Authority
Code signing certificate is available
Select the Code Signing certificate template and click on Enroll
There you go, your Code Signing certificate has been issued – click on Finish