Signing Powershell script fails

Hi
I am trying to sign a PS1-script, but I just can't get it to work. I am doing it on a Windows Server 2012 machine.

I have created a new self-signed certificate using
New-SelfSignedCertificate -DnsName www.fabrikam.com, www.contoso.com -CertStoreLocation cert:\LocalMachine\My

It seems to do as supposed.

But when I try to assign the certificate to the script, it fails. Below you can see the steps I take to accomplish the task:
PS Cert:\localmachine\my> dir


    Directory: Microsoft.PowerShell.Security\Certificate::localmachine\my


Thumbprint                                Subject
----------                                -------
D99F78E793244A016BBF27A35F907F5C51E4A536  CN=www.fabrikam.com
CEDD25D7FE1AAFA54A7010DD20E15381D0591CB5  CN=www.fabrikam.com


PS Cert:\localmachine\my> $cert = @(gci cert:\localmachine\my -codesigning)[0]
PS Cert:\localmachine\my> Set-AuthenticodeSignature c:\tools\test.ps1 $cert
Set-AuthenticodeSignature : Cannot bind argument to parameter 'Certificate' because it is null.
At line:1 char:45
+ Set-AuthenticodeSignature c:\tools\test.ps1 $cert
+                                             ~~~~~
    + CategoryInfo          : InvalidData: (:) [Set-AuthenticodeSignature], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SetAuthenti
   codeSignatureCommand

Can anyone tell me what I'm doing wrong?

Regards
Kasper
Kasper Katzmann, Senior Consultant, Asked:
Zephyr ICT, Cloud Architect, Commented:
Does it work when you leave out "-codesigning" which I thought should be -codesigningcert ... But anyway, leave it out and see what that tells you ...
0
Subsun Commented:
If GCI cert:\CurrentUser\my -codesigning returns nothing then you don't have a certificate in store which can be used for code signing.

Use makecert, step by step instructions given in the following help article and it will work! (worked well for me)
http://technet.microsoft.com/en-us/library/hh847874.aspx
0

footech Commented:
Yes, I would say the cert you created doesn't have the right EKU (Enhanced Key Usage) to be used for Code Signing.  So although gci cert:\localmachine\my may show you a certificate, gci cert:\localmachine\my -codesigningcert probably doesn't.
0
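The check footech describes, as an added example that is not part of any post in this thread: it lists every certificate in the store with its EKU OIDs, so you can see why `-CodeSigningCert` returns nothing, and it only calls Set-AuthenticodeSignature when a certificate was actually found. The function name Get-CodeSigningReadiness is hypothetical; the store and script path are the ones from the question.

```powershell
# Added example: report, per certificate, whether it can be used for code signing.
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # OID of the "Code Signing" enhanced key usage

function Get-CodeSigningReadiness {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Collect the EKU OIDs from the certificate's extensions (empty if it has none).
        $ekuOids = @($Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        [pscustomobject]@{
            Thumbprint     = $Certificate.Thumbprint
            Subject        = $Certificate.Subject
            HasPrivateKey  = $Certificate.HasPrivateKey
            EkuOids        = $ekuOids -join ', '
            HasCodeSigning = $ekuOids -contains $CodeSigningOid
        }
    }
}

# 1. Show what is in the store and which EKUs each certificate carries.
Get-ChildItem Cert:\LocalMachine\My |
    Get-CodeSigningReadiness |
    Format-Table -AutoSize

# 2. Select a signing certificate the same way the question does, but check for $null
#    before signing: indexing [0] into an empty result yields $null, which is what
#    produced the "Cannot bind argument to parameter 'Certificate'" error.
$path = 'C:\tools\test.ps1'   # script path from the question
$cert = @(Get-ChildItem Cert:\LocalMachine\My -CodeSigningCert)[0]

if ($null -eq $cert) {
    Write-Warning "-CodeSigningCert returned no certificate from Cert:\LocalMachine\My; $path was not signed."
} else {
    $result = Set-AuthenticodeSignature -FilePath $path -Certificate $cert
    '{0}: {1}' -f $result.Status, $result.StatusMessage
}
```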
Kasper Katzmann, Senior Consultant, Author Commented:
I think you are right, the certificate isn't properly configured.
I have installed SDK for Windows 8, but for some reason neither PowerShell nor Cmd recognizes makecert
makecert : The term 'makecert' is not recognized as the name of a cmdlet, function, script file, or operable program. C
heck the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ makecert
+ ~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (makecert:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

0
Zephyr ICT, Cloud Architect, Commented:
Did you try using the SDK Command Prompt window?
0
Subsun Commented:
You need to specify the full path of makecert.exe. Or go to the path where the command exists and run it from there.
0
Kasper Katzmann, Senior Consultant, Author Commented:
It helped using makecert, and when I specified the full path of makecert all problems were solved.

Thank you very much.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.