So, our programmers need a code signing certificate. Before I go out and buy one, I thought I’d see what I can do in-house, seeing as we have a paid-for root certificate and all.
It’s easy enough to export a pfx from the root cert, and that tests fine for them. But, I don’t want them with a private key cert to an app they’re writing that will have carte blanche on the domain. So, what I’d like to try is this: Edit the root cert, unchecking all roles except for code signing, and export it like that. Then, immediately re-edit the root cert and put all the roles back. Will that work? I feel like it won’t, but I can’t say why. And I’m hesitant to try it. We use that root cert for our RADIUS server, among other things, and I’m not interested in messing it up.
I can also export a .cer from a public cert. I’ve looked around for “convert cer to pfx,” but that doesn’t look like a real thing. There are some how-tos, but I’m not having any luck.
Yeah, I know, those code signing certs are pretty cheap to buy. How else am I gonna learn, though? :)
Anyone have any experience with this? Any input is totally appreciated.