If you’re creating macros in Microsoft Office, or other code that needs to be signed and trusted for internal use, you can easily create code signing certificates using an Enterprise Certificate Authority (ECA).
Log onto the ECA and open Server Manager
Expand Roles -> Active Directory Certificate Services
Navigate to the Certificate Templates section. In the right hand pane, right click on the Code Signing certificate. choose Properties and click on the Security tab
Add the Read and Enroll permissions for the users that need to be able to generate certificates.
In Group Policy, add the ECA server to Trusted Sites in Internet Explorer and enable “Initialize ActiveX unsafe for scripting” for the Trusted Sites zone. This resolve the “CA must be configured to use HTTPS authentication error.
Navigate to the ECA website address, e.g. http://%ECA_SERVER_NAME%/certsrv/
Choose Request a certificate, then choose the option for and advanced request, followed by Create and submit a request to this CA
Accept any security prompts that follow
From the certificate type drop down choose Code Signing, provide a friendly name and click Submit
Finally, click Install this certificate
The certificate is now installed and ready for use.