When using a self-signed certificate with SCUP, remember that the certificate needs to be deployed to Trusted Publishers AND Trusted Root Certificate Authorities on the client. The same applies for the SCUP/WSUS server.
I seem to forget the latter when doing my deployments…
Jason T. Lewis has made a blog post describing how to make your own code signing certificate if you have your own Enterprise CA.
Thanks for the link to code signing cert. Quick question, should the code signing cert be issued to the SCCM server or a service account?
In the guide they use a regular user account to request it, so a service account would work. If the SCCM server has access to request it I assume that would work as well.