How to sign a powershell script to be used for distribution

This topic contains 3 replies, has 3 voices, and was last updated by Profile photo of Aaron Jensen Aaron Jensen 2 years, 2 months ago.

  • Author
    Posts
  • #18877
    Profile photo of John Smith
    John Smith
    Participant

    Hi,
    I am new to powershell so if I'm missing out on any detail, please let me know.

    We have some powershell scripts we send over to the clients to execute. Their powershell enviroment has execution policy set to 'remote signed'

    Now I have read multiple blogs for how to sign the powershell script to be used at different execution levels, but my understanding is signing is for my environment only.

    http://www.hanselman.com/blog/SigningPowerShellScripts.aspx

    http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx

    I'm probably missing out on something obvious and I'll appreciate if someone can explain me how to sign my script so that client can use it in their environment with any execution level set.

    Thanks in advance!

  • #18880
    Profile photo of Stephen Owen
    Stephen Owen
    Participant

    That's right, if you distribute your own cert for use in the environment, or sign your script using a code-signing cert from your own Certificate Authority, your script will only be signed for local use.

    If you want other environments to be able to run your script under a 'RemoteSigned' execution policy, you will either need them to issue you a Code-signing cert, or you'll need a globally trusted certificate, from an organization like VeriSign, Thawte or GoDaddy. Expect to pay ~$800 + for one of those Code-signing certs.

  • #18887
    Profile photo of Aaron Jensen
    Aaron Jensen
    Participant

    It looks like prices vary, anywhere from $80 to $400 a year. Looks like StartSSL offers a free tier, but its Root CA might not be installed on everyone's computers. (I would add some links, but the forum software won't let me.)

You must be logged in to reply to this topic.