Kasper Katzmann
asked on
Signing Powershell script fails
Hi
I am trying to sign a PS1-script, but I just can't get it to work. I am doing it on a Windows Server 2012 machine.
I have created a new self-signed certificate using
New-SelfSignedCertificate -DnsName www.fabrikam.com, www.contoso.com -CertStoreLocation cert:\LocalMachine\My
It seems to do as supposed. But when I try to assign the certificate to the script, it fails. Below you can see the steps I take to accomplish the task.
PS Cert:\localmachine\my> dir
Directory: Microsoft.PowerShell.Security\Certificate::localmachine\my
Thumbprint Subject
---------- -------
D99F78E793244A016BBF27A35F907F5C51E4A536 CN=www.fabrikam.com
CEDD25D7FE1AAFA54A7010DD20E15381D0591CB5 CN=www.fabrikam.com
PS Cert:\localmachine\my> $cert = @(gci cert:\localmachine\my -codesigning)[0]
PS Cert:\localmachine\my> Set-AuthenticodeSignature c:\tools\test.ps1 $cert
Set-AuthenticodeSignature : Cannot bind argument to parameter 'Certificate' because it is null.
At line:1 char:45
+ Set-AuthenticodeSignature c:\tools\test.ps1 $cert
+ ~~~~~
+ CategoryInfo : InvalidData: (:) [Set-AuthenticodeSignature], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SetAuthenti
codeSignatureCommand
Can anyone tell me what I'm doing wrong?
Regards
Kasper
Does it work when you leave out "-codesigning" which I thought should be -codesigningcert ... But anyway, leave it out and see what that tells you ...
Yes, I would say the cert you created doesn't have the right EKU (Enhanced Key Usage) to be used for Code Signing. So although gci cert:\localmachine\my may show you a certificate, gci cert:\localmachine\my -codesigningcert probably doesn't.
ASKER
I think you are right, the certificate isn't properly configured.
I have installed SDK for Windows 8, but for some reason neither PowerShell nor Cmd recognizes makecert
makecert : The term 'makecert' is not recognized as the name of a cmdlet, function, script file, or operable program. C
heck the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ makecert
+ ~~~~~~~~
+ CategoryInfo : ObjectNotFound: (makecert:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Did you try using the SDK Command Prompt window?
ASKER
It helped using makecert, and when I specified the full path of makecert all problems were solved.
Thank you very much.
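A diagnostic sketch for the failure discussed in this thread, added here as an example and not written by any of the participants: it lists each certificate in LocalMachine\My with whether it carries the Code Signing EKU, stops before signing when no suitable certificate exists, and checks the resulting signature status. The helper name Get-EkuOids is hypothetical; the store and script path are the ones from the question.

```powershell
# Added example, not from the thread. Get-EkuOids is a hypothetical helper name.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'      # Enhanced Key Usage OID for Code Signing
$storePath      = 'Cert:\LocalMachine\My'  # store used in the question
$scriptPath     = 'C:\tools\test.ps1'      # script path used in the question

function Get-EkuOids {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # Read the EKU extension through the .NET API and return the OID strings.
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value }
        }
    }
}

# 1. Show why the -CodeSigningCert filter can come back empty:
#    list every certificate in the store with its EKU state.
Get-ChildItem $storePath | ForEach-Object {
    $ekus = @(Get-EkuOids $_)
    [pscustomobject]@{
        Thumbprint     = $_.Thumbprint
        Subject        = $_.Subject
        HasPrivateKey  = $_.HasPrivateKey
        CodeSigningEku = $ekus -contains $codeSigningOid
        AllEkus        = $ekus -join ', '
    }
} | Format-Table -AutoSize

# 2. Pick a signing certificate and stop here instead of passing $null
#    to Set-AuthenticodeSignature (the error shown in the question).
$cert = Get-ChildItem $storePath -CodeSigningCert | Select-Object -First 1
if ($null -eq $cert) {
    throw "No certificate with the Code Signing EKU ($codeSigningOid) found in $storePath."
}

# 3. Sign, then read the signature back from the file.
#    Status is 'Valid' only when the signer chains to a trusted root;
#    an untrusted self-signed certificate signs the file but reports another status.
$result = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert
$result | Format-List Status, StatusMessage

$check = Get-AuthenticodeSignature -FilePath $scriptPath
"{0} signed by {1}: {2}" -f $scriptPath, $check.SignerCertificate.Thumbprint, $check.Status
```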