signing a script


This topic contains 4 replies, has 3 voices, and was last updated 3 years, 7 months ago.

  • Author
  • #24880

    Points: 0
    Rank: Member

    I'm trying to sign a script but not having much luck. I'm using this to get the code signing portion of my certificate:

    $sig = Get-ChildItem -path cert:/currentuser/my/ -codesigningcert
    Set-AuthenticodeSignature -FilePath C:/scripts/myscript.ps1 -certificate $sig

    I receive an error when I run set-authenticodesignature indicating that $sig is null.

    My environment uses Entrust PKI certificates.

    Any suggestions would be appreciated.

  • #24881

    Points: 0
    Rank: Member

    If $sig is null, then you don't have a code-signing certificate installed.

  • #24882

    Points: 0
    Rank: Member

    Here's a quick command to verify that. An authenticode certificate would have "Code Signing" as one of its EnhancedKeyUsages:

    $props = 'Thumbprint',
             @{Name = 'EnhancedKeyUsages'; Expression = { $_.Extensions | ? { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } | % EnhancedKeyUsages | % FriendlyName } }
    Get-ChildItem Cert:\CurrentUser\My | Select $props | Format-List

  • #24883

    Points: 1,673
    Helping Hand, Team Member
    Rank: Community Hero

    Keep in mind the certificate has to be CODE SIGNING (not another type), and needs to be installed in the My Certificates store – not in the machine store or elsewhere.

  • #24890

    Points: 0
    Rank: Member

    Much appreciated for the snippet, Dave.

    The results returned from the snippet confirm that my cert is not a code signing cert, even though the certificate definition indicates that it can be used for code signing.
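
The checks discussed in this thread, combined into one script as an added example (not code posted by any participant): it reports for each certificate in the user's store whether it carries the Code Signing EKU and a private key, and signs only when a suitable certificate exists instead of passing a null `$sig`. The helper name `Get-SigningCandidate`, the validity-period check and the SHA256 choice are assumptions of this example; the paths are the ones from the question.

```powershell
# Added example. Store path and script path are the ones used in the thread.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # OID of the "Code Signing" enhanced key usage
$scriptPath     = 'C:\scripts\myscript.ps1'

function Get-SigningCandidate {
    # Hypothetical helper: reports, per certificate, each precondition for signing.
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs; a certificate without an EKU extension yields none.
        $oids = @(foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value }
            }
        })
        [pscustomobject]@{
            Thumbprint     = $cert.Thumbprint
            HasCodeSignEku = $oids -contains $codeSigningOid
            HasPrivateKey  = $cert.HasPrivateKey
            InValidity     = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
            EkuOids        = $oids -join ', '
            Certificate    = $cert
        }
    }
}

$candidates = @(Get-SigningCandidate)
$candidates | Format-Table Thumbprint, HasCodeSignEku, HasPrivateKey, InValidity, EkuOids -AutoSize

$usable = @($candidates | Where-Object { $_.HasCodeSignEku -and $_.HasPrivateKey -and $_.InValidity })
if ($usable.Count -eq 0) {
    # This is the situation in the thread: nothing to sign with, so stop before signing.
    Write-Warning 'No certificate in Cert:\CurrentUser\My has the Code Signing EKU, a private key and a current validity period.'
    return
}

# If several certificates qualify, select by thumbprint rather than taking the first.
$result = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $usable[0].Certificate -HashAlgorithm SHA256
if ($result.Status -ne 'Valid') {
    Write-Warning "Signing returned $($result.Status): $($result.StatusMessage)"
}

# Re-read the signature from disk, as a machine enforcing AllSigned would evaluate it.
Get-AuthenticodeSignature -FilePath $scriptPath | Format-List Status, StatusMessage, SignerCertificate
```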
