Issue a code signing certificate using your in house Windows Certification Authority


Active Directory with Certification Authority installed and configured. Your workstation should be domain-joined. Well, you could issue a code signing certificate on your CA and export the root certificate plus the code signing certificate and later import it in your local certificate store, but that’s another story which i won’t cover in this article.

Request new Code Signing Certificate

On your domain-joined workstation, open an MMC-instance

Using File menu -> Add or Remove Snap-ins (or hit Ctrl-M) in Available snap-ins select Certificates and click on Add, then when asked for This snap-in will always manage certificates for: select My user account and click on Finish

Now expand Certificates – Current User then Personal then right-click Certificates then click on All Tasks then select Request New Certificate…

click on Next

click on Next

Code Signing certificate is not available

If you can select the Code Signing Template, proceed to the next step.
Now if you can’t find the Code Signing certificate template, check Show all templates

Scroll down and find Code Signing but with the message
The requested certificate template is not supported by this CA.
A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted

no problem, read how to Enable Code Signing template on your Certification Authority

Code signing certificate is available

Select the Code Signing certificate template and click on Enroll

There you go, your Code Signing certificate has been issued – click on Finish