I know this isn't strictly a PowerShell question, but this seems the best place to ask this because...
- I am not a developer! (and I don't want to be one.)
- We don't run IIS.
- We don't have a PKI or the ability to create one.
I often have fairly simple PowerShell scripts I would like users/computers in the (sub)domain I manage to run while maintaining some semblence of security (AllSigned execution policy). We can request certificates from a third-party CA, but I have to generate a code signing CSR first (is this different than a SSL CSR?).
I understand the basic concepts of code signing (private/public key pairs, time stamping, Root CAs, etc.), and I can find information on how to sign the scripts once I have a certificate, but I don't know the mechanics of getting to that point. There is information (though inconsistant, rather convoluted and old) on creating self-signed certificates, but I would like to have all the machines/users in the subdomain trust the certificates. I'm not opposed to generating a self-signed certificate if there is a way (that I can follow and without a PKI) to elevate that certificate to be trusted by computers/users in the domain.
Does anyone know of or can someone create a step-by-step tutorial on the mechanics of generating a CSR to get a code-signing certificate for non-developers?
Even better would be a (up-to-date) tutorial on the whole process of generating a CSR, acquiring a publicly trusted cert, installing/securing the cert, and signing (and dating) PowerShell scripts. I can't imagine that I am the only system admin in this situation and if we could whip up a signed, script to give to users/computers under our management while only minimally relaxing the execution policy, I think we could all be more secure and efficient.
Thanks.