
September 26, 2017 at 1:39 pm

Hi everyone,

I'm on a route of learning PowerShell and I've experienced an odd issue.
I've created a self-signed certificate (after struggling for a while I just took an example from the internet, but there is no difference).
Info about the certificate:

 $cert | fl *

PSPath                   : Microsoft.PowerShell.Security\Certificate::CurrentUser\My\1AE4C34E2337C9A732A0DBA97ED493D9F4
                           EECD93
PSParentPath             : Microsoft.PowerShell.Security\Certificate::CurrentUser\My
PSChildName              : 1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93
PSDrive                  : Cert
PSProvider               : Microsoft.PowerShell.Security\Certificate
PSIsContainer            : False
EnhancedKeyUsageList     : {Code Signing (1.3.6.1.5.5.7.3.3)}
DnsNameList              : {Test Code Signing}
SendAsTrustedIssuer      : False
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
PolicyId                 :
Archived                 : False
Extensions               : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptog
                           raphy.Oid}
FriendlyName             :
IssuerName               : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter                 : 26.09.2018 16:39:50
NotBefore                : 26.09.2017 16:19:50
HasPrivateKey            : True
PrivateKey               : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey                : System.Security.Cryptography.X509Certificates.PublicKey
RawData                  : {48, 130, 3, 8...}
SerialNumber             : 54711E68035CEA9A4752E76967C4D854
SubjectName              : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm       : System.Security.Cryptography.Oid
Thumbprint               : 1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93
Version                  : 3
Handle                   : 1583236719936
Issuer                   : CN=Test Code Signing
Subject                  : CN=Test Code Signing

If I try to sign any script with this certificate I receive "unknown error":

PS D:\> $a[1]


   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My

Thumbprint                                Subject
----------                                -------
1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93  CN=Test Code Signing


PS D:\> $cert = $a[1]
PS D:\> Set-AuthenticodeSignature -Certificate $cert -FilePath .\123_new.ps1


    Directory: D:\


SignerCertificate                         Status                                 Path
-----------------                         ------                                 ----
1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93  UnknownError                           123_new.ps1

And in the end the script is with an "Unknown error" line (though a lot of lines are added to the file):

PS D:\> Get-AuthenticodeSignature -FilePath .\123_new.ps1


    Directory: D:\


SignerCertificate                         Status                                 Path
-----------------                         ------                                 ----
1AE4C34E2337C9A732A0DBA97ED493D9F4EECD93  UnknownError                           123_new.ps1

I also managed to follow these same steps and get the result for Get-AuthenticodeSignature as "Not signed".

I've done some research and found out that this might be related to encoding, so I changed the encoding to UTF-8, but nothing changed.
As I understood, the encoding issue is applicable only to PowerShell v1 and v2, and I have PowerShell v5.

So right now I'm stuck and I can't figure out what is the issue here. Any help would be greatly appreciated 🙂

September 29, 2017 at 10:55 am

Found the issue, I just needed to add the self-signed certificate to trusted.
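
The fix described in the last post, as an added example that is not part of the original thread: with a self-signed certificate, `UnknownError` usually means the chain ends in a root Windows does not trust, and the `StatusMessage` property says so. It assumes "trusted" means the current user's Trusted Root Certification Authorities store (plus Trusted Publishers); the temp folder, file names and fresh certificate are constructed for the demo.

```powershell
# Added example, not from the thread. Paths, file names and store choices are assumptions.
$ErrorActionPreference = 'Stop'

# Constructed sample script to sign, kept in a temp folder
$work = Join-Path $env:TEMP 'codesign-demo'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$script = Join-Path $work 'demo.ps1'
Set-Content -Path $script -Value 'Write-Output "signed demo"' -Encoding UTF8

# Self-signed code signing certificate in the current user's personal store
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Test Code Signing' -CertStoreLocation Cert:\CurrentUser\My

# Sign before the certificate is trusted: the signature block is written to the
# file, but chain validation fails. StatusMessage carries the actual reason.
$before = Set-AuthenticodeSignature -Certificate $cert -FilePath $script
'Before trust: {0} ({1})' -f $before.Status, $before.StatusMessage

# Export the public certificate only (the private key stays in My) and import it
# into the trusted stores. CurrentUser scope keeps the trust limited to this account.
$cer = Join-Path $work 'test-code-signing.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
# Windows shows a confirmation dialog when a root is added to the user store
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
# Trusted Publishers is what lets AllSigned run the script without prompting
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null

# Re-check the same file; no re-signing is needed, only the trust decision changed
$after = Get-AuthenticodeSignature -FilePath $script
'After trust:  {0} ({1})' -f $after.Status, $after.StatusMessage

# Remove the test trust anchors and the demo certificate when done, so a throwaway
# key is not left trusted as a root (removing from Root prompts again)
$tp = $cert.Thumbprint
Remove-Item -Path "Cert:\CurrentUser\Root\$tp",
                  "Cert:\CurrentUser\TrustedPublisher\$tp",
                  "Cert:\CurrentUser\My\$tp"
Remove-Item -Path $work -Recurse -Force
```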