Categories:
DH Keys (39)
DSA Keys (69)
EC Keys (335)
Firefox (32)
General (13)
Google Chrome (25)
Intermediate CA (152)
Java VM (20)
JDK Keytool (25)
Microsoft CertUtil (26)
Mozilla CertUtil (18)
OpenSSL (237)
Other (17)
Portecle (38)
Publishers (1963)
Revoked Certificates (30)
Root CA (87)
RSA Keys (1812)
Tools (47)
Tutorial (7)
What Is (21)
Windows (129)
Collections:
Other Resources:
Manage Trusted Publishers
Software signing is being used by a growing number of software publishers and application developers to verify that their applications come from a trusted source. However, many users do not understand or pay little attention to the signing certificates associated with applications that they install.
The policy settings in the Trusted Publishers tab of the certificate path validation policy allows administrators to control which certificates can be accepted as coming from a trusted publisher.
This topic includes procedures for the following tasks:
Configuring the trusted publishers policy settings for a local computer
Administrators is the minimum group membership required to complete this procedure.
☞ | To configure the trusted publishers policy settings for a local computer |
Click Start, type gpedit.msc in the Search programs and files box, and then press ENTER.
In the console tree under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings, click Public Key Policies.
Double-click Certificate Path Validation Settings, and then click the Trusted Publishers tab.
Select the Define these policy settings check box, select the policy settings that you want to apply, and then click OK to apply the new settings.
Configuring the trusted publishers policy settings for a domain
Domain Admins is the minimum group membership required to complete this procedure.
☞ | To configure the trusted publishers policy settings for a domain |
Click Start, point to Administrative Tools, and click Server Manager.
Under Features Summary, click Add Features. Select the Group Policy Management check box, click Next, and then click Install.
After the Installation Results page shows that the installation of the Group Policy Management Console (GPMC) was successful, click Close.
Click Start, point to Administrative Tools, and then click Group Policy Management.
In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy Group Policy object (GPO) that you want to edit.
Right-click the Default Domain Policy GPO, and then click Edit.
In the console tree under Computer Configuration\Windows Settings\Security Settings, click Public Key Policies.
Double-click Certificate Path Validation Settings, and then click the Trusted Publishers tab.
Select the Define these policy settings check box, select the policy settings that you want to apply, and then click OK to apply the new settings.
Allowing only administrators to manage certificates used for code signing for a local computer
Administrators is the minimum group membership required to complete this procedure.
☞ | To allow only administrators to manage certificates used for code signing for a local computer |
Click Start, type gpedit.msc in the Search programs and files, and then press ENTER.
In the console tree under Default Domain Policy or Local Computer Policy, double-click Computer Configuration, Windows Settings, and Security Settings, and then click Public Key Policies.
Double-click Certificate Path Validation Settings, and then click the Trusted Publishers tab.
Select the Define these policy settings check box.
Under Trusted publisher management, click Allow only all administrators to manage Trusted Publishers, and then click OK to apply the new settings.
Allowing only administrators to manage certificates used for code signing for a domain
Domain Admins is the minimum group membership required to complete this procedure.
☞ | To allow only administrators to manage certificates used for code signing for a domain |
Click Start, point to Administrative Tools, and click Server Manager.
Under Features Summary, click Add Features. Select the Group Policy Management check box, click Next, and then click Install.
After the Installation Results page shows that the installation of the GPMC was successful, click Close.
Click Start, point to Administrative Tools, and then click Group Policy Management.
In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy GPO that you want to edit.
Right-click the Default Domain Policy GPO, and then click Edit.
In the console tree under Computer Configuration\Windows Settings\Security Settings, click Public Key Policies.
Double-click Certificate Path Validation Settings, and then click the Trusted Publishers tab.
Select the Define these policy settings check box, implement the changes you want, and then click OK to apply the new settings.
Additional references
✍: Microsoft
2016-07-17, 1578👍, 0💬
Popular Posts:
Certificate Summary: Subject: Starfield Class 2 Certification Authority Issuer: Starfield Class 2 Ce...
How to export all certificates in the server certificate path to a file in Firefox? To export all ce...
Certificate Summary: Subject: AddTrust Class 1 CA Root Issuer: AddTrust Class 1 CA Root Expiration: ...
How to download OpenSSL for Windows? I heard that OpenSSL is a nice free tool to manage keys and cer...
How to add a root CA certificate into "cert8.db" file using Mozilla "certutil" tool? I have exported...