Signing scripts issue

  • #80597

    Kirill
    Participant

    Hi everyone,

    I'm on a route of learning PowerShell and I've experienced an odd issue.
    I've created a self-signed certificate (after struggling for a while I just took an example from the internet, but there is no difference).
    Info about the certificate:

     $cert | fl *
    
    PSPath                   : Microsoft.PowerShell.Security\Certificate::CurrentUser\My\1AE4C34E2337C9A732A0DBA97ED493D9F4
                               EECD93
    PSParentPath             : Microsoft.PowerShell.Security\Certificate::CurrentUser\My
    PSChildName              : 1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93
    PSDrive                  : Cert
    PSProvider               : Microsoft.PowerShell.Security\Certificate
    PSIsContainer            : False
    EnhancedKeyUsageList     : {Code Signing (1.3.6.1.5.5.7.3.3)}
    DnsNameList              : {Test Code Signing}
    SendAsTrustedIssuer      : False
    EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
    EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
    PolicyId                 :
    Archived                 : False
    Extensions               : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptog
                               raphy.Oid}
    FriendlyName             :
    IssuerName               : System.Security.Cryptography.X509Certificates.X500DistinguishedName
    NotAfter                 : 26.09.2018 16:39:50
    NotBefore                : 26.09.2017 16:19:50
    HasPrivateKey            : True
    PrivateKey               : System.Security.Cryptography.RSACryptoServiceProvider
    PublicKey                : System.Security.Cryptography.X509Certificates.PublicKey
    RawData                  : {48, 130, 3, 8...}
    SerialNumber             : 54711E68035CEA9A4752E76967C4D854
    SubjectName              : System.Security.Cryptography.X509Certificates.X500DistinguishedName
    SignatureAlgorithm       : System.Security.Cryptography.Oid
    Thumbprint               : 1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93
    Version                  : 3
    Handle                   : 1583236719936
    Issuer                   : CN=Test Code Signing
    Subject                  : CN=Test Code Signing
    
    

    If I try to sign any script with this certificate I receive "unknown error":

    PS D:\> $a[1]
    
    
       PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My
    
    Thumbprint                                Subject
    ----------                                -------
    1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93  CN=Test Code Signing
    
    
    PS D:\> $cert = $a[1]
    PS D:\> Set-AuthenticodeSignature -Certificate $cert -FilePath .\123_new.ps1
    
    
        Directory: D:\
    
    
    SignerCertificate                         Status                                 Path
    -----------------                         ------                                 ----
    1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93  UnknownError                           123_new.ps1
    

    And in the end the script has the "Unknown error" status (though a lot of lines are added to the file):

    PS D:\> Get-AuthenticodeSignature -FilePath .\123_new.ps1
    
    
        Directory: D:\
    
    
    SignerCertificate                         Status                                 Path
    -----------------                         ------                                 ----
    1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93  UnknownError                           123_new.ps1
    

    I also managed to follow these same steps and get a result of "Not signed" from Get-AuthenticodeSignature.

    I've done some research and found out that this might be related to encoding, so I changed the encoding to UTF-8, but nothing changed.
    As I understood, the encoding issue is applicable only to PowerShell v1 and v2, and I have PowerShell v5.

    So right now I'm stuck and I can't figure out what the issue is here. Any help would be greatly appreciated 🙂

  • #80950

    Kirill
    Participant

    Found the issue, just needed to add the self-signed certificate to trusted.
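
The fix from the last post, written out as an added PowerShell example that is not part of the thread: it signs a script with an untrusted self-signed certificate, trusts the certificate, and checks the same file again. The subject name, file paths, the `Remove-DemoTrust` helper and the choice of the CurrentUser `Root` and `TrustedPublisher` stores are assumptions; the post only says the certificate was added "to trusted".

```powershell
# Added example; subject, paths and store choices are assumptions.
$ErrorActionPreference = 'Stop'

# Constructed sample script to sign.
$script = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $script -Value 'Write-Output "signed demo"' -Encoding UTF8

# 1. Self-signed code-signing certificate in the current user's personal store.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Demo Code Signing (example)' `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. Sign while the certificate is still untrusted. The signature block is
#    appended to the file, but chain validation fails, so Status is not Valid
#    (the thread shows UnknownError at this point).
$before = Set-AuthenticodeSignature -FilePath $script -Certificate $cert
"Before trust: $($before.Status) - $($before.StatusMessage)"

# 3. Export the public certificate only (a .cer carries no private key) and
#    trust it for this user. Root lets the chain build; TrustedPublisher lets
#    AllSigned run the script without prompting. Windows shows a confirmation
#    dialog for the Root import.
$cer = Join-Path $env:TEMP 'demo-codesign.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
foreach ($store in 'Root', 'TrustedPublisher') {
    Import-Certificate -FilePath $cer -CertStoreLocation "Cert:\CurrentUser\$store" | Out-Null
}

# 4. Re-check the already-signed file; no re-signing is needed.
$after = Get-AuthenticodeSignature -FilePath $script
"After trust:  $($after.Status)"
if ($after.Status -ne 'Valid') {
    throw "Signature still not valid: $($after.StatusMessage)"
}

# 5. Remove the trust again when the test is over. Anything signed with this
#    key is trusted for the user while the Root entry exists.
function Remove-DemoTrust {
    param([string]$Thumbprint)
    foreach ($store in 'Root', 'TrustedPublisher', 'My') {
        $path = "Cert:\CurrentUser\$store\$Thumbprint"
        if (Test-Path $path) { Remove-Item -Path $path }
    }
}
# Remove-DemoTrust -Thumbprint $cert.Thumbprint
```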
