Signing Scripts

Welcome Forums General PowerShell Q&A Signing Scripts

Viewing 1 reply thread
  • Author
    Posts
    • #220251
      Participant
      Topics: 66
      Replies: 71
      Points: 510
      Rank: Major Contributor

      There is most likely a facet of script signing that I do not understand, but I am having an issue with signing a basic PS script for testing.

      I have a valid MS enterprise Code Signing cert located in the Trusted Publishers Folder that expires in Oct of 2020.   (I have obfuscated certain elements).

      Get-ChildItem Cert:\CurrentUser\TrustedPublisher
      
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  CN=Brian Clanton, OU=XXX, DC=XXXXX, DC=local

       

      I have attempted to sign my script, referencing it via thumbprint and it indicates that the script is not suitable.

       

      S

      Set-AuthenticodeSignature C:\Utility\TPScript\BCLoginTest.ps1 @(Get-ChildItem Cert:\CurrentUser\TrustedPublisher\XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX[0]
      
      Set-AuthenticodeSignature : Cannot sign code. The specified certificate is not suitable for code signing.
      At line:1 char:1
      + Set-AuthenticodeSignature C:\Utility\TPScript\BCLoginTest.ps1 @(Get-C ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidArgument: (:) [Set-AuthenticodeSignature], PSArgumentException
      + FullyQualifiedErrorId : Argument,Microsoft.PowerShell.Commands.SetAuthenticodeSignatureCommand

      Most of the examples I see is for Self Signed Certs where they are referencing the Personal Cert folder, so I think I may be missing a step in the preparation of the Cert?

      Does anyone see my error?

       

       

       

       

       

       

    • #220281
      Participant
      Topics: 3
      Replies: 340
      Points: 1,120
      Helping Hand
      Rank: Community Hero
Viewing 1 reply thread
  • You must be logged in to reply to this topic.