On LON-DC1
Install the full UI.
Install-WindowsFeature User-Interfaces-Infra -IncludeAllSubFeature
Restart.
Install AD Certificate Services.
Install-WindowsFeature AD-Certificate, ADCS-Cert-Authority -IncludeManagementTools
Server Manager, Post-deployment Configuration.
Create an Enterprise Root CA called “ADatum CA”.
Run Certification Authority management tool.
Right-click Certificate Templates, choose Manage.
Right-click Code Signing, choose Duplicate Template.
General tab, Template display name “Code Signing II”.
Request Handling tab, select Allow private key to be exported.
Click OK.
Close Manage Templates.
Switch to Certification Authority management tool.
Right-click Certificate Templates, choose New Certificate template to Issue.
Code Signing II.
On LON-CL1
Start, Run, certmgr.msc.
Right-click Personal, choose All Tasks, Request New Certificate.
Select Certificate Enrollment Policy page, click Next.
Request Certificates page, select Code Signing II, click Enroll.
Open Personal \ Certificates.
Right-click the certificate with a template of Code Signing II, choose Copy.
Right-click Trusted Publishers, choose Paste.
Note: In practice you should use Group Policy to distribute the Trusted Publisher certificate, probably to machines' certificate stores.
Run a PowerShell prompt.
cd CERT:\CurrentUser\my
$CSCert = (dir -CodeSigningCert)[0]
Set-AuthenticodeSignature -Certificate $CSCert -FilePath E:\Democode\Demo-Signing2.ps1
If the signing is successful then you will see something similar to the following.
SignerCertificate                         Status   Path
-----------------                         ------   ----
84623FD8D796C6E722DE330B4DDFD6FEB01AF412  Valid    Demo-Signing2.ps1
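Added example, not part of the original lab: a check to run on LON-CL1 after signing. It reads the signature back, reports whether the signer's certificate is in a Trusted Publishers store, and then repeats the check on a copy of the script that was edited after signing. The function name Test-ScriptSignature and the scratch file name are assumptions made for this example.

```powershell
# Added example, not from the original lab.
# Assumes the script signed above: E:\Democode\Demo-Signing2.ps1
$Script = 'E:\Democode\Demo-Signing2.ps1'

function Test-ScriptSignature {           # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate

    # Look for the signer in the per-user store (where the lab pasted it)
    # and in the machine store (where Group Policy would normally put it).
    $stores = @()
    if ($signer) {
        foreach ($store in 'Cert:\CurrentUser\TrustedPublisher',
                           'Cert:\LocalMachine\TrustedPublisher') {
            if (Get-ChildItem $store |
                    Where-Object Thumbprint -eq $signer.Thumbprint) {
                $stores += $store
            }
        }
    }

    [pscustomobject]@{
        Path              = Split-Path $Path -Leaf
        Status            = $sig.Status
        StatusMessage     = $sig.StatusMessage
        Thumbprint        = if ($signer) { $signer.Thumbprint }
        NotAfter          = if ($signer) { $signer.NotAfter }
        TrustedPublisherIn = $stores -join ', '
    }
}

# 1. The script as signed in the lab.
Test-ScriptSignature -Path $Script | Format-List

# 2. A copy whose content is changed after signing. The signature block
#    stays in place, but the file no longer matches the signed hash, so
#    Status must not be treated as trustworthy unless it reads Valid.
$Tampered = Join-Path $env:TEMP 'Demo-Signing2-modified.ps1'   # scratch file
$text = [System.IO.File]::ReadAllText($Script)
[System.IO.File]::WriteAllText($Tampered, "# edited after signing`r`n" + $text)
Test-ScriptSignature -Path $Tampered | Format-List
Remove-Item $Tampered
```

Compare the Status and StatusMessage fields of the two results; only the first should be accepted under an execution policy that requires signed scripts.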