Request/Creating a Code Signing Certificate

Question

I have need for a code signing certificate which is trusted by a CA in the windows domain. How do I request/create this certificate?

Do I have to request a code signing certificate on the certificate server? I do not have access to this server myself and want to know if this is the only option. I believe that you have to enable the code signing template before you can request a certificate, which can be used to sign code (in my situation an InfoPath form). Is this correct?

I'm also wondering about the possiblity to create a self signed certificate and make this trusted by the CA on the certificate server. Is this possible and considered good practice?

And a bit more practical, can you request a code signing certificate from a CA certificate on a client environment? If this is possible I assume you need to possess both private and public keys?

Extra information would be appreciated.

Answer 1

I don't know exactly what you are wondering, but as far as I know you have to download the code signing certificate to each computer that you want to use it on.

The only way to get a trusted certificate is through a Certificate Authority here are a few and their prices:

• Go Daddy $199/year
• InstantSSL $180/year
• KSoftware (resale of Comodo) $95/year
• Comodo SSL Store $100/year

Then you can sign the code using Microsoft's SignTool.

Answer 2

Many code signing implementations will provide a way to sign the code using a system involving a pair of keys, one public and one private, similar to the process employed by SSL or SSH. For example, in the case of .NET, the developer uses a private key to sign their libraries or executables each time they build. This key will be unique to a developer or group or sometimes per application or object. The developer can either generate this key on their own or obtain one from a trusted certificate authority (CA).

one of the trusted certificate authority which i am using

Thesslstore $79.20/year