Lot's of information on the parent page, this is what I ended up using:
I did need Admin Priv to create the key, so I used a VM and exported the "pfx" file to my LAN, but I was able to import & publish via batch without Admin Priv.
- Now open MMC, Add Cert Snap-In & Export Cert w/ Private Key
Import & Export Key on Publishing Computer:
- I found this easier to just do manually since I wouldn't be mass deploying this. I just did it via MMC and added to my Personal Store.
- I then exported the key again, but this time without the Private Key as a "file.cer"
Import Key on End Users computer without Admin:
- Note you want it to end up in "\TrustedPublishers". TrustedRoot & Personal are of no use to end-users.