- This topic has 2 replies, 2 voices, and was last updated 2 years, 6 months ago by
June 24, 2018 at 5:20 am #103139ParticipantTopics: 5Replies: 8Points: 0Rank: Member
I have installed PS Core 6.1 on a new install of Win10. I want to know the correct way to install a cert and sign scripts that i download.
What are the best practices in Test and Production?
I have had a look around the internet and some places say to use makecert.exe but then it says it has been deprecated and to use the PS Cmdlet New-SelfSignedCertificate but this does not work in PS Core 6.1? Do I need to import this or is there a better way? I also have a Windows Domain environment.
June 24, 2018 at 11:11 pm #103196ParticipantTopics: 2Replies: 1014Points: 2,105Rank: Community Hero
If you are on a Windows box, PS Win and PSCore (PSv6) are installed side-by-side. This is by design as they are two different things. So, you’d use PSWIn for all things PSCode can’t do, and use PSCore for all the things it does and or does better than PSWin.
Why are you looking to use a self-signed cert, especially if this is an enterprise operational thing, vs a domain CA issued cert?
The New-SelefSignedCertificate cmdlet is simply not available on PSv6. Not all cmdlets are available across all versions of PS. Some are even only available on certain OS versions, even on Windows.
Makecert.exe works just fine, depreciated or not and makecert.exe is avaialbe on PS6 installs as long as you have it on your system.PowerShell123456789101112131415161718192021PowerShell v6.0.2Copyright (c) Microsoft Corporation. All rights reserved.https://aka.ms/pscore6-docsType 'help' to get help.PS C:\Program Files\PowerShell\6.0.2> Get-Command -Name '*cert*'CommandType Name Version Source----------- ---- ------- ------Cmdlet Get-PfxCertificate 126.96.36.199 Microsoft.PowerShell.SecurityApplication appidcertstorecheck.exe 10.0.17... C:\WINDOWS\system32\appidcertstorecheck.exeApplication CertEnrollCtrl.exe 10.0.17... C:\WINDOWS\system32\CertEnrollCtrl.exeApplication certlm.msc 0.0.0.0 C:\WINDOWS\system32\certlm.mscApplication certmgr.msc 0.0.0.0 C:\WINDOWS\system32\certmgr.mscApplication certreq.exe 10.0.17... C:\WINDOWS\system32\certreq.exeApplication certutil.exe 10.0.17... C:\WINDOWS\system32\certutil.exeApplication dmcertinst.exe 10.0.17... C:\WINDOWS\system32\dmcertinst.exeApplication makecert.exe 6.1.760... C:\Users\Daniel\AppData\Local\Programs\Fiddler\makecert.exeApplication TRACERT.EXE 10.0.17... C:\WINDOWS\system32\TRACERT.EXEApplication TrustCert.exe 188.8.131.52 C:\Users\Daniel\AppData\Local\Programs\Fiddler\TrustCert.exe
Importing a cert, is just a matter of adding it to the user certificate store for use.
So, you do that manually via the MMC or certutil.exe or the Import-* cmdlets via PSWin.PowerShell12345678910Get-Command -Name '*import*cert*'CommandType Name Version Source----------- ---- ------- ------Cmdlet Import-ACMCertificate 184.108.40.206 AWSPowerShellCmdlet Import-AzureKeyVaultCertificate 4.1.0 AzureRM.KeyVaultCmdlet Import-AzureRmApiManagementHostnameCertificate 5.1.0 AzureRM.ApiManagementCmdlet Import-Certificate 220.127.116.11 PKICmdlet Import-DMSCertificate 18.104.22.168 AWSPowerShellCmdlet Import-PfxCertificate 22.214.171.124 PKI
Then you have the pre-made script via the MS TechNet and the MS powershellgallery.com
Self-signed certificate generator (PowerShell)
This script is an enhanced open-source PowerShell implementation of deprecated makecert.exe tool and utilizes the most modern certificate API — CertEnroll
Carbon is a PowerShell module for automating the configuration Windows 7, 8, 2008, and 2012 and automation the installation and configuration of Windows applications, websites, and services. It can configure and manage:
Signing PowerShell Scripts (Self-Signed)
Hey, Scripting Guy! How Can I Sign Windows PowerShell Scripts with an Enterprise Windows PKI?
June 28, 2018 at 5:13 pm #103541ParticipantTopics: 5Replies: 8Points: 0Rank: Member
Thanks for clarifying this.
I wanted to use the self signed cert in a test environment.
I also use Linux. Powershell has automatically upgraded to PS Core so how can i run PS Standard on linux?
- The topic ‘CA and Code Signing Scripts in PS Core 6.1’ is closed to new replies.