How to generate and use a Code-Signing Certificate:
a) use the command Set-ExecutionPolicy AllSigned (or Set-ExecutionPolicy RemoteSigned) in PowerShell
b) download and install Microsoft Windows SDK for .NET 3.5
c) use makecert.exe to create the certificate (it's in c:\Program Files\Microsoft SDK\Windows\v7.0\Bin)
.\makecert.exe -n "CN=MyLocalCertRoot" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss root -sr LocalMachine
.\makecert.exe -pe -n "CN=PowerShell Cert" -ss My -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
Check if the certificate has been created:
Get-ChildItem cert:\CurrentUser\My -codesigning
Now you can sign your newly created PowerShell scripts. Please don't use the PowerShell ISE to create your scripts, because it causes problems when you try to sign them afterwards.
How to sign the code:
Set-AuthenticodeSignature c:\myscripts\newscript.ps1 (Get-ChildItem cert:\CurrentUser\My -codesigning | where {$_.Subject -match "PowerShell"})
It's probably best to put the command in a function, so you don't have to type it in full each time you want to sign a script:
Function signscript([string] $script)
{
    # Sign $script with the code-signing certificate whose subject contains "PowerShell"
    Set-AuthenticodeSignature $script (Get-ChildItem cert:\CurrentUser\My -codesigning | where {$_.Subject -match "PowerShell"})
}
command: signscript "c:\myscripts\newscript.ps1"
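The signing function above hands whatever the certificate filter returns straight to Set-AuthenticodeSignature and does not look at the result. As an added example (not part of the original post), the version below refuses to sign unless exactly one certificate matches and confirms the signature afterwards; the function name Sign-ScriptChecked, the -SubjectMatch parameter and the demo file are assumptions made for illustration.

```powershell
# Added example, not from the original post. Assumes the "CN=PowerShell Cert"
# certificate created above is in cert:\CurrentUser\My.
function Sign-ScriptChecked {            # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string] $Path,
        [string] $SubjectMatch = 'PowerShell'   # same filter the post uses
    )

    # Collect every code-signing certificate whose subject matches.
    $certs = @(Get-ChildItem cert:\CurrentUser\My -CodeSigning |
               Where-Object { $_.Subject -match $SubjectMatch })

    # Zero matches leaves nothing to sign with; several would pass an array
    # to -Certificate. Stop in both cases instead of guessing.
    if ($certs.Count -ne 1) {
        throw "Expected 1 matching code-signing certificate, found $($certs.Count)."
    }
    $cert = $certs[0]
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
    }

    # The outcome is reported in the Status property of the returned object.
    $result = Set-AuthenticodeSignature -FilePath $Path -Certificate $cert
    if ($result.Status -ne 'Valid') {
        throw "Signing ${Path} failed: $($result.Status) $($result.StatusMessage)"
    }

    # Re-read the signature from disk and confirm it was made with our certificate.
    $check = Get-AuthenticodeSignature -FilePath $Path
    if ($check.Status -ne 'Valid' -or
        $check.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
        throw "Verification of ${Path} failed: $($check.Status)"
    }
    $check
}

# Constructed sample input: a throwaway script in the temp directory.
$sample = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $sample -Value 'Write-Output "signed demo"' -Encoding ASCII
Sign-ScriptChecked -Path $sample | Format-List Path, Status, StatusMessage
```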