CA and Code Signing Scripts in PS Core 6.1

Welcome Forums General PowerShell Q&A CA and Code Signing Scripts in PS Core 6.1

Viewing 2 reply threads
  • Author
    Posts
    • #103139
      Participant
      Topics: 5
      Replies: 8
      Points: 0
      Rank: Member

      Hi,

      I have installed PS Core 6.1 on a new install of Win10. I want to know the correct way to install a cert and sign scripts that i download.
      What are the best practices in Test and Production?
      I have had a look around the internet and some places say to use makecert.exe but then it says it has been deprecated and to use the PS Cmdlet New-SelfSignedCertificate but this does not work in PS Core 6.1? Do I need to import this or is there a better way? I also have a Windows Domain environment.

    • #103196
      Participant
      Topics: 2
      Replies: 1014
      Points: 2,105
      Helping Hand
      Rank: Community Hero

      If you are on a Windows box, PS Win and PSCore (PSv6) are installed side-by-side. This is by design as they are two different things. So, you’d use PSWIn for all things PSCode can’t do, and use PSCore for all the things it does and or does better than PSWin.

      Why are you looking to use a self-signed cert, especially if this is an enterprise operational thing, vs a domain CA issued cert?
      The New-SelefSignedCertificate cmdlet is simply not available on PSv6. Not all cmdlets are available across all versions of PS. Some are even only available on certain OS versions, even on Windows.

      Makecert.exe works just fine, depreciated or not and makecert.exe is avaialbe on PS6 installs as long as you have it on your system.

      Importing a cert, is just a matter of adding it to the user certificate store for use.
      So, you do that manually via the MMC or certutil.exe or the Import-* cmdlets via PSWin.

      Then you have the pre-made script via the MS TechNet and the MS powershellgallery.com

      Self-signed certificate generator (PowerShell)

      This script is an enhanced open-source PowerShell implementation of deprecated makecert.exe tool and utilizes the most modern certificate API — CertEnroll

      ‘gallery.technet.microsoft.com/scriptcenter/Self-signed-certificate-5920a7c6’

      Carbon 2.5.4

      Carbon is a PowerShell module for automating the configuration Windows 7, 8, 2008, and 2012 and automation the installation and configuration of Windows applications, websites, and services. It can configure and manage:

      Get-Certificate
      Get-CertificateStore
      Install-Certificate
      Uninstall-Certificate

      ‘powershellgallery.com/packages/Carbon/2.5.4’

      Signing PowerShell Scripts (Self-Signed)

      ‘hanselman.com/blog/SigningPowerShellScripts.aspx’

      Hey, Scripting Guy! How Can I Sign Windows PowerShell Scripts with an Enterprise Windows PKI?

      ‘blogs.technet.microsoft.com/heyscriptingguy/2010/06/16/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-1-of-2’

      ‘blogs.technet.microsoft.com/heyscriptingguy/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2’

    • #103541
      Participant
      Topics: 5
      Replies: 8
      Points: 0
      Rank: Member

      Thanks for clarifying this.
      I wanted to use the self signed cert in a test environment.
      I also use Linux. Powershell has automatically upgraded to PS Core so how can i run PS Standard on linux?

Viewing 2 reply threads
  • The topic ‘CA and Code Signing Scripts in PS Core 6.1’ is closed to new replies.