Page tree

Welcome to FreeSoftwareServers Confluence Wiki

Skip to end of metadata
Go to start of metadata

Lot's of information on the parent page, this is what I ended up using:

I did need Admin Priv to create the key, so I used a VM and exported the "pfx" file to my LAN, but I was able to import & publish via batch without Admin Priv.

Create Key:

New-SelfSignedCertificate -DnsName User@Domain.com -Type CodeSigning -NotAfter (Get-Date).AddMonths(36)
  • Now open MMC, Add Cert Snap-In & Export Cert w/ Private Key

Import & Export Key on Publishing Computer:

  • I found this easier to just do manually since I wouldn't be mass deploying this. I just did it via MMC and added to my Personal Store.
  • I then exported the key again, but this time without the Private Key as a "file.cer"

Import Key on End Users computer without Admin:

  • Note you want it to end up in "\TrustedPublishers". TrustedRoot & Personal are of no use to end-users.
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -c Import-Certificate -FilePath "\\Server\Path\User@Domain.com.cer" -CertStoreLocation Cert:\CurrentUser\TrustedPublisher
  • No labels