CA and Code Signing Scripts in PS Core 6.1

Welcome Forums General PowerShell Q&A CA and Code Signing Scripts in PS Core 6.1

This topic contains 2 replies, has 2 voices, and was last updated by

10 months, 4 weeks ago.

  • Author
  • #103139

    Topics: 5
    Replies: 8
    Points: 0
    Rank: Member


    I have installed PS Core 6.1 on a new install of Win10. I want to know the correct way to install a cert and sign scripts that i download.
    What are the best practices in Test and Production?
    I have had a look around the internet and some places say to use makecert.exe but then it says it has been deprecated and to use the PS Cmdlet New-SelfSignedCertificate but this does not work in PS Core 6.1? Do I need to import this or is there a better way? I also have a Windows Domain environment.

  • #103196

    Topics: 2
    Replies: 929
    Points: 1,594
    Helping Hand
    Rank: Community Hero

    If you are on a Windows box, PS Win and PSCore (PSv6) are installed side-by-side. This is by design as they are two different things. So, you'd use PSWIn for all things PSCode can't do, and use PSCore for all the things it does and or does better than PSWin.

    Why are you looking to use a self-signed cert, especially if this is an enterprise operational thing, vs a domain CA issued cert?
    The New-SelefSignedCertificate cmdlet is simply not available on PSv6. Not all cmdlets are available across all versions of PS. Some are even only available on certain OS versions, even on Windows.

    Makecert.exe works just fine, depreciated or not and makecert.exe is avaialbe on PS6 installs as long as you have it on your system.

    PowerShell v6.0.2
    Copyright (c) Microsoft Corporation. All rights reserved.
    Type 'help' to get help.
    PS C:\Program Files\PowerShell\6.0.2> Get-Command -Name '*cert*'
    CommandType     Name                                               Version    Source
    -----------     ----                                               -------    ------
    Cmdlet          Get-PfxCertificate                           Microsoft.PowerShell.Security
    Application     appidcertstorecheck.exe                            10.0.17... C:\WINDOWS\system32\appidcertstorecheck.exe
    Application     CertEnrollCtrl.exe                                 10.0.17... C:\WINDOWS\system32\CertEnrollCtrl.exe
    Application     certlm.msc                                   C:\WINDOWS\system32\certlm.msc
    Application     certmgr.msc                                  C:\WINDOWS\system32\certmgr.msc
    Application     certreq.exe                                        10.0.17... C:\WINDOWS\system32\certreq.exe
    Application     certutil.exe                                       10.0.17... C:\WINDOWS\system32\certutil.exe
    Application     dmcertinst.exe                                     10.0.17... C:\WINDOWS\system32\dmcertinst.exe
    Application     makecert.exe                                       6.1.760... C:\Users\Daniel\AppData\Local\Programs\Fiddler\makecert.exe
    Application     TRACERT.EXE                                        10.0.17... C:\WINDOWS\system32\TRACERT.EXE
    Application     TrustCert.exe                                C:\Users\Daniel\AppData\Local\Programs\Fiddler\TrustCert.exe

    Importing a cert, is just a matter of adding it to the user certificate store for use.
    So, you do that manually via the MMC or certutil.exe or the Import-* cmdlets via PSWin.

     Get-Command -Name '*import*cert*'
    CommandType     Name                                               Version    Source
    -----------     ----                                               -------    ------
    Cmdlet          Import-ACMCertificate                      AWSPowerShell
    Cmdlet          Import-AzureKeyVaultCertificate                    4.1.0      AzureRM.KeyVault
    Cmdlet          Import-AzureRmApiManagementHostnameCertificate     5.1.0      AzureRM.ApiManagement
    Cmdlet          Import-Certificate                           PKI
    Cmdlet          Import-DMSCertificate                      AWSPowerShell
    Cmdlet          Import-PfxCertificate                        PKI

    Then you have the pre-made script via the MS TechNet and the MS

    Self-signed certificate generator (PowerShell)

    This script is an enhanced open-source PowerShell implementation of deprecated makecert.exe tool and utilizes the most modern certificate API — CertEnroll


    Carbon 2.5.4

    Carbon is a PowerShell module for automating the configuration Windows 7, 8, 2008, and 2012 and automation the installation and configuration of Windows applications, websites, and services. It can configure and manage:



    Signing PowerShell Scripts (Self-Signed)


    Hey, Scripting Guy! How Can I Sign Windows PowerShell Scripts with an Enterprise Windows PKI?



  • #103541

    Topics: 5
    Replies: 8
    Points: 0
    Rank: Member

    Thanks for clarifying this.
    I wanted to use the self signed cert in a test environment.
    I also use Linux. Powershell has automatically upgraded to PS Core so how can i run PS Standard on linux?

The topic ‘CA and Code Signing Scripts in PS Core 6.1’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort