Configuring the Code Signing Capability
The topics in this section walk you through the steps required to configure the code signing capability for use in your environment.
If you have not yet reviewed the conceptual material or completed the tutorial, consider starting with:
Solution overview — Learn how the code signing capability works and how the core components fit together.
Tutorial — Follow a guided workflow to see the full signing lifecycle in action.
Once you are ready to configure your environment directly, use the table below to determine which setup tasks you need to complete.
Setup Tasks at a Glance
| Task | Who performs it | Required? | When you need it |
|---|
| Onboard users | TSG administrator | Always | Before any user can manage or use Signing Keys. |
| Create a built-in account | User with write access to Built-in Accounts page | Always | Required to authenticate the Code Sign Client on a signing machine. |
| Configure a CA | User with write access to Signing Keys page | Optional | Required only if you plan to issue certificates from Microsoft AD CS, DigiCert, or Zero Touch PKI. Not required for “None” or “Built-in CA.” |
| Create a Signing Key | User with write access to Signing Keys page | Always | Required to generate the keys and certificates used for signing. |
|
