To verify that the code-signing certificate is trustworthy,
it must be signed by the private key of an intermediate or root CA
(Certificate Authority) certificate. While the system can sign code
using a self-signed code-signing certificate, this practice is not
recommended. The authenticity of a self-signed certificate cannot
be verified by the target system. The root CA certificate used to
sign your code-signing certificate may belong to your company, if
it serves as its own CA, or it may belong to a trusted third-party
CA, such as VeriSign or Thawte. Creating a CSR (Certificate Signing
Request) is the first step in getting your code-signing certificate
appropriately signed.
You are using Workbench running on a PC.
- If necessary, navigate to the Certificate Management view and select the code-signing certificate.
The view opens to the User Key Store.
- Select the code-signing certificate and click the Cert Request button at the bottom of the view.
- Confirm that the certificate properties are correct and
click OK.
The Certificate Manager prompts you
for the private key password.
- Enter the password you assigned to the code-signing certificate
and click OK.
The system displays the
certManagement folder from which to choose the location to store the CSR.
The Alias for the certificate is used as the file name of
the CSR. The extension is .csr.
- Use the default folder, or select a different folder in
which to store the CSR and click Save.
The system displays, CSR generation complete.
- To confirm completion, click OK.
- If an external CA, such as VeriSign or Thawte, will sign
your code-signing certificate, follow the CSR submission procedure
as required by the CA.
The CA verifies that you are who you claim to be, that
the certificate is for your organization, and other important information.
They then return a signed code-signing certificate (.pem file) to
you (usually by email).