This topic contains 2 replies, has 2 voices, and was last updated by
June 24, 2018 at 5:20 am #103139ParticipantPoints: 0Rank: Member
I have installed PS Core 6.1 on a new install of Win10. I want to know the correct way to install a cert and sign scripts that i download.
What are the best practices in Test and Production?
I have had a look around the internet and some places say to use makecert.exe but then it says it has been deprecated and to use the PS Cmdlet New-SelfSignedCertificate but this does not work in PS Core 6.1? Do I need to import this or is there a better way? I also have a Windows Domain environment.
June 24, 2018 at 11:11 pm #103196ParticipantPoints: 28Rank: Member
If you are on a Windows box, PS Win and PSCore (PSv6) are installed side-by-side. This is by design as they are two different things. So, you'd use PSWIn for all things PSCode can't do, and use PSCore for all the things it does and or does better than PSWin.
Why are you looking to use a self-signed cert, especially if this is an enterprise operational thing, vs a domain CA issued cert?
The New-SelefSignedCertificate cmdlet is simply not available on PSv6. Not all cmdlets are available across all versions of PS. Some are even only available on certain OS versions, even on Windows.
Makecert.exe works just fine, depreciated or not and makecert.exe is avaialbe on PS6 installs as long as you have it on your system.
PowerShell v6.0.2 Copyright (c) Microsoft Corporation. All rights reserved. https://aka.ms/pscore6-docs Type 'help' to get help. PS C:\Program Files\PowerShell\6.0.2> Get-Command -Name '*cert*' CommandType Name Version Source ----------- ---- ------- ------ Cmdlet Get-PfxCertificate 220.127.116.11 Microsoft.PowerShell.Security Application appidcertstorecheck.exe 10.0.17... C:\WINDOWS\system32\appidcertstorecheck.exe Application CertEnrollCtrl.exe 10.0.17... C:\WINDOWS\system32\CertEnrollCtrl.exe Application certlm.msc 0.0.0.0 C:\WINDOWS\system32\certlm.msc Application certmgr.msc 0.0.0.0 C:\WINDOWS\system32\certmgr.msc Application certreq.exe 10.0.17... C:\WINDOWS\system32\certreq.exe Application certutil.exe 10.0.17... C:\WINDOWS\system32\certutil.exe Application dmcertinst.exe 10.0.17... C:\WINDOWS\system32\dmcertinst.exe Application makecert.exe 6.1.760... C:\Users\Daniel\AppData\Local\Programs\Fiddler\makecert.exe Application TRACERT.EXE 10.0.17... C:\WINDOWS\system32\TRACERT.EXE Application TrustCert.exe 18.104.22.168 C:\Users\Daniel\AppData\Local\Programs\Fiddler\TrustCert.exe
Importing a cert, is just a matter of adding it to the user certificate store for use.
So, you do that manually via the MMC or certutil.exe or the Import-* cmdlets via PSWin.
Get-Command -Name '*import*cert*' CommandType Name Version Source ----------- ---- ------- ------ Cmdlet Import-ACMCertificate 22.214.171.124 AWSPowerShell Cmdlet Import-AzureKeyVaultCertificate 4.1.0 AzureRM.KeyVault Cmdlet Import-AzureRmApiManagementHostnameCertificate 5.1.0 AzureRM.ApiManagement Cmdlet Import-Certificate 126.96.36.199 PKI Cmdlet Import-DMSCertificate 188.8.131.52 AWSPowerShell Cmdlet Import-PfxCertificate 184.108.40.206 PKI
Then you have the pre-made script via the MS TechNet and the MS powershellgallery.com
Self-signed certificate generator (PowerShell)
This script is an enhanced open-source PowerShell implementation of deprecated makecert.exe tool and utilizes the most modern certificate API — CertEnroll
Carbon is a PowerShell module for automating the configuration Windows 7, 8, 2008, and 2012 and automation the installation and configuration of Windows applications, websites, and services. It can configure and manage:
Signing PowerShell Scripts (Self-Signed)
Hey, Scripting Guy! How Can I Sign Windows PowerShell Scripts with an Enterprise Windows PKI?
June 28, 2018 at 5:13 pm #103541ParticipantPoints: 0Rank: Member
Thanks for clarifying this.
I wanted to use the self signed cert in a test environment.
I also use Linux. Powershell has automatically upgraded to PS Core so how can i run PS Standard on linux?
The topic ‘CA and Code Signing Scripts in PS Core 6.1’ is closed to new replies.