In-house Trusted Certificate

certificate clickonce deployment

Hi there, I'm a developer looking at introducing ClickOnce deployment for an internal .NET WinForms application that will be distributed via the corporate network.

Now I would like to deploy this application under the full trust model; however, in order for that to happen I need to sign the software with a certificate. I can do that with a "test" certificate that has no information about the publisher etc.; however, that means an extra step will occur on the user's workstation where they will have to confirm that the software is OK.

So what I want to know is: is there a way I can get my IT Infrastructure guys to create me an "internal" certificate from the domain's Certificate Authority, or do I have to go and pay for a certificate from somebody like VeriSign?

Thanks

Best Answer

Yes, you can create an internal certificate, and then an MS Group Policy can be set up whereby each computer in the domain automatically "trusts" any code signed with that certificate.

The Group Policy Item is:

Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policies

In our case, we created an internal CA and put any certs made by that CA as trusted. I.e. it was in the Trusted Root Certification Authority section.
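
An added example, not part of the original answer: a PowerShell check to run on a workstation after the Group Policy has applied, confirming that the signing certificate chains to a root in the machine's Trusted Root store and reporting whether it is also in Trusted Publishers (the store ClickOnce consults before skipping the trust prompt). `$CertPath` is an assumed path to the exported public certificate (.cer) your CA issued.

```powershell
# Added example: verify that an internally issued code-signing certificate
# is trusted on this machine. $CertPath is a hypothetical path to the
# exported public certificate; no private key is needed for this check.
param(
    [Parameter(Mandatory)] [string] $CertPath
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Build the chain against the local trust stores (the ones Group Policy populates).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Simplification: skip revocation so the result reflects store trust only.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($cert)

# The last chain element is the root only if the chain is complete (self-signed top).
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$topIsRoot = $top.Subject -eq $top.Issuer

$inRootStore = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $top.Thumbprint })
$inPublishers = [bool](Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

# Code Signing EKU (OID 1.3.6.1.5.5.7.3.3) must be present for a signing cert.
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$hasCodeSigning = [bool]($ekuExt.EnhancedKeyUsages |
    Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' })

[pscustomobject]@{
    Subject            = $cert.Subject
    NotAfter           = $cert.NotAfter
    HasCodeSigningEku  = $hasCodeSigning
    ChainBuilds        = $chainOk
    ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    RootSubject        = if ($topIsRoot) { $top.Subject } else { '(chain incomplete)' }
    RootInMachineStore = $topIsRoot -and $inRootStore
    InTrustedPublisher = $inPublishers
}
```

If `RootInMachineStore` is false, the policy has not reached this machine yet; if `InTrustedPublisher` is false, users will still see the ClickOnce confirmation even though the publisher is identified.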