mercredi 18 octobre 2017

strong private key protection for code signing certificate

When working with powershell script it is a good idea to sign your script if you plan on using them in your production environment. You can easily get a code signing script from your enterprise ca (active directory certificate service) or generate a self sign. There are multiple place explaining that and I got my basic stuff from here:

What is not mentioned is that you should protect your code signing certificate with "strong private key protection". To do that you have to export your current code signing certificate in PFX with the private key and then import it back (it can be done on the same computer) using the "strong private key protection" check box in the import option as shown in the picture below. At the end of the import process you will have an additionnal prompt to enter the password used to protect your private key. Obviously if you plan on protecting your private key with a password it's a good idea to NOT mark it as exportable...

Here is the password prompt for the private key protection.

Now each time you will try to use this certificate you will be prompted to enter this password.

Aucun commentaire:

Publier un commentaire