Automatic Distribution of Authenticode Certificates

In my previous post i talked about how to get a code signing cert for Authenticode or ClickOnce.

In a corporate environment every client has to trust this cert (e.g. if you want to suppress the trust question in ClickOnce for trusted apps).

In Active Directory you can use GPOs to distribute the certs.

Root CA Certificate
Add a GPO to AD and link at the appropriate level. Computer Settings -> Windows Settings -> Security -> Public Key Policies. Add the root CA cert under “Trusted Root Certification Authorities”

Authenticode Certificate
Add a GPO to AD and link at the appropriate level. User Settings-> Windows Settings -> Internet Explorer Maintenance -> Security -> Authenticode Settings. Click Import and then Modify. If you don’t want your users to modify their trusted publisher cert store on their own, you should also click “Lock down Trusted Publishers” as well as disable the corresponding Control Panel applet.

Then, give AD some time to think about it, err, replicate…


This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s