Create a certificate signing request using the management console

I follow

https://godaddy.com/help/windows-generate-csr-for-code-or-driver-signing-certificate-7282

to create a CSR to request a code signing certificate / software publishing.

In the management console, when I right-click Certificates, then go to All Tasks > Advanced Operations > Create a Custom Request and click Next, I cannot find the "Active Directory Enrollment Policy".

I don't know. Do I need to upload any template or create some kind of user policy, and how?

I use Windows 8, and my user account is not under any Active Directory domain, nor do I manage any Active Directory.

I am not sure if this is the right forum to ask this question. Forgive me and direct me to the right forum if it is not.

1 answer

Today I ran into the same problem and found a solution on MSDN. Try the following:

  1. Instead of choosing an Active Directory enrollment policy, select Proceed without enrollment policy.
  2. Click Next.
  3. Select (No template) CNG key from Template.
  4. Select PKCS #10 as the Request Format.
  5. Click Next.
  6. Click the More arrow, and then the Properties button.
  7. Enter the name of your certificate in the Friendly Name box on the General tab.
  8. Click the Subject tab.
  9. In the Subject name section, select Common name in the Type list. Enter a common name in the Value field and click Add.
  10. Repeat step 9 for Organizational Unit, Locality, State, and Country.
  11. Click the Extensions tab.
  12. Under Key Usage, select Digital Signature and click Add.
  13. In the Extended Key Usage section, select Code Signing and click Add.
  14. Under Basic constraints, select the Enable this extension check box.
  15. Click the Private Key tab.
  16. Under Key Options, select 2048 as Key Size.
  17. Select the Make private key exportable check box.
  18. In Select a hash algorithm, select sha256 from the Hash Algorithm list.
  19. Click OK.

This is working: I was able to use my new code signing certificate to export the PFX file and successfully sign the executable.

Note: I chose sha256 instead of sha1 in step 18 because SHA-1 is deprecated.
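
The same request can be scripted with certreq.exe instead of the wizard. The following is an added example, not part of the original answer: it builds an INF with the key, subject, key usage and extended key usage settings from the steps above (basic constraints is not set here), creates the CSR, and checks the result with certutil before it is sent to the CA. The subject values, friendly name, file names, current-user store choice and the strings matched in the certutil output are assumptions.

```powershell
# Added example: certreq.exe equivalent of the wizard steps above.
# Subject values, friendly name and file names are constructed placeholders.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Subject tab: common name, organizational unit, locality, state, country
Subject = "CN=Example Publisher, OU=Engineering, L=Example City, S=Example State, C=US"
; General tab: friendly name
FriendlyName = "Example code signing request"
; (No template) CNG key: software key storage provider
ProviderName = "Microsoft Software Key Storage Provider"
KeyAlgorithm = RSA
KeyLength = 2048
; Needed later to export the certificate and key as PFX
Exportable = TRUE
HashAlgorithm = sha256
RequestType = PKCS10
; 0x80 = digital signature
KeyUsage = 0x80
; Assumption: request lives in the current user's store, not the machine store
MachineKeySet = FALSE

[EnhancedKeyUsageExtension]
; Code signing
OID = 1.3.6.1.5.5.7.3.3
'@

$infPath = Join-Path $env:TEMP 'codesign-request.inf'
$csrPath = Join-Path $env:TEMP 'codesign-request.csr'
Remove-Item $csrPath -ErrorAction SilentlyContinue
Set-Content -Path $infPath -Value $inf -Encoding ASCII

certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Verify the CSR content before submitting it (patterns are assumptions
# about certutil's text dump; OIDs are used because labels are localized).
$dump = (certutil.exe -dump $csrPath) -join "`n"
$checks = [ordered]@{
    'Signed with sha256RSA'     = '1\.2\.840\.113549\.1\.1\.11'
    'Code Signing EKU present'  = '1\.3\.6\.1\.5\.5\.7\.3\.3'
    '2048-bit public key'       = '2048'
}
foreach ($c in $checks.GetEnumerator()) {
    '{0,-28} {1}' -f $c.Key, $(if ($dump -match $c.Value) { 'OK' } else { 'MISSING' })
}
```

The private key stays in the local key store under the pending request; only the `.csr` file goes to the CA, and the exportable flag is what later allows the PFX export mentioned above.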
