I hate to be a pain and feel like a complete n00b but I want to make sure I do this right on the second go around. When I use DigiCert, it generates the CSR but I cannot seem to find the key. I see that in my windows certificate store there is a new CERT that reflects the name I chose when creating the CSR. I could certianly export this but I am not confident this is just a Key and not sure if this will import correctly into CPPM. Can you walk me through this start to finish?
Here is what I think needs to be done:
1. Use DigiCert to create Code Signing CSR
2. Have Public CA (Such as GoDaddy) create a Code Signing Cert from this CSR
3. Using Windows Certificate Manager MMC Snap-in - Export the Certificate created by DigiCert
3a. The only option for export is a .pfx file
3b. Create a password when exporting
4. Download the Certificate from GoDaddy
5. In ClearPass OnBoard / Management and Control / - Upload Code Signing Certificate
5a. Upload the Certificate and Private Key
The New Code Signing Cert will now be available as a selection in the OnBoard Client settings found in the OnBoard Provisioing Settings configuration. Select it and save.
Now when clients with Windows 8.1 / 10 attempt to OnBoard machines, they will no longer receive a SmartScreen pop-up from Windows. (Assuming the whitelisy has allowed the communication to microsoft as discussed earlier in this thread).
Thanks so much for the help! I hope this will help other users out there running into the same issue that are not intimately familiar with Code Signing Certs!!
Phil