A security engineer is implementing a code signing requirement for all code developed by the organization. Currently, the PKI only generates website certificates. Which of the following steps should the engineer perform first?
A. Add a new template on the internal CA with the correct attributes.
B. Generate a wildcard certificate for the internal domain.
C. Recalculate a public/private key pair for the root CA.
D. Implement a SAN for all internal web applications.
To enable code signing with an existing PKI, the first step is to configure the Certificate Authority (CA) to issue code signing certificates. Adding a new template with attributes specific to code signing (e.g., key usage for signing) allows the CA to support this requirement without disrupting existing operations.
Option A: Correct—templates define certificate types; this is the foundational step.
Option B: Wildcard certificates are for domains, not code signing.
Option C: Recalculating root CA keys is unnecessary and risky unless compromised.
Option D: SAN (Subject Alternative Name) is for multi-domain certificates, irrelevant here.