Hello all,
I was wondering if you have used any enterprise code signing solution that you would recommend.
We are looking at deploying carbon black, which by default blocks unsigned executables. rather than undoing this feature, the goal is to sign internally developed code using our internal PKI.
Ideally, the solution would leverage a certificate stored in an HSM, and would also have approval workflow capabilities before code is signed. 
 thanks and regards,-Ravi