Generate Code Signing Certificates Using An Enterprise Certificate Authority

If you’re creating macros in Microsoft Office, or other code that needs to be signed and trusted for internal use, you can easily create code signing certificates using an Enterprise Certificate Authority (ECA).

Log onto the ECA and open Server Manager

Expand Roles -> Active Directory Certificate Services

Navigate to the Certificate Templates section.  In the right hand pane, right click on the Code Signing certificate. choose Properties and click on the Security tab

Add the Read and Enroll permissions for the users that need to be able to generate certificates.


In Group Policy, add the ECA server to Trusted Sites in Internet Explorer and enable “Initialize ActiveX unsafe for scripting” for the Trusted Sites zone.  This resolve the “CA must be configured to use HTTPS authentication error.

Navigate to the ECA website address, e.g. http://%ECA_SERVER_NAME%/certsrv/

Choose Request a certificate, then choose the option for and advanced request, followed by Create and submit a request to this CA

Accept any security prompts that follow

From the certificate type drop down choose Code Signing, provide a friendly name and click Submit

Finally, click Install this certificate

The certificate is now installed and ready for use.