Signing Powershell script fails

Posted on 2014-08-18
Last Modified: 2014-08-19
I am trying to sign a PS1-script, but I just can't get it to work. I am doing it on a Windows Server 2012 machine.

I have created a new selfsigned certificate using
New-SelfSignedCertificate -DnsName, -CertStoreLocation cert:\LocalMachine\My

Open in new window

It seems to do as supposed.

But when I try to asign the certificate to the script, it fails. Below you can see the steps I take to accomplish the task
PS Cert:\localmachine\my> dir

    Directory: Microsoft.PowerShell.Security\Certificate::localmachine\my

Thumbprint                                Subject
----------                                -------

PS Cert:\localmachine\my> $cert = @(gci cert:\localmachine\my -codesigning)[0]
PS Cert:\localmachine\my> Set-AuthenticodeSignature c:\tools\test.ps1 $cert
Set-AuthenticodeSignature : Cannot bind argument to parameter 'Certificate' because it is null.
At line:1 char:45
+ Set-AuthenticodeSignature c:\tools\test.ps1 $cert
+                                             ~~~~~
    + CategoryInfo          : InvalidData: (:) [Set-AuthenticodeSignature], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SetAuthenti

Open in new window

Can anyone tell me what I'm doing wrong?

Question by:Kasper Katzmann
    LVL 25

    Expert Comment

    by:Zephyr ICT
    Does it work when you leave out "-codesigning" which I thought should be -codesigningcert ... But anyway, leave it out and see what that tells you ...
    LVL 40

    Accepted Solution

    If GCI cert:\CurrentUser\my -codesigning returns nothing then you don't have a certificate in store which can be used for code signing..

    Use makecert, step by step instructions given in the following help article and it will work! (worked well for me)
    LVL 38

    Expert Comment

    Yes, I would say the cert you created doesn't have the right EKU (Enhanced Key Usage) to be used for Code Signing.  So although gci cert:\localmachine\my may show you a certificate, gci cert:\localmachine\my -codesigningcert probably doesn't.

    Author Comment

    by:Kasper Katzmann
    I think you are right, the certificate isn't proper configured.
    I have installed SDK for Windows 8, but for some reason neither Powershell or Cmd rekognize makecert
    makecert : The term 'makecert' is not recognized as the name of a cmdlet, function, script file, or operable program. C
    heck the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + makecert
    + ~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (makecert:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

    Open in new window

    LVL 25

    Expert Comment

    by:Zephyr ICT
    Did you try using the SDK Command Prompt window?
    LVL 40

    Assisted Solution

    You need to specify the full path of makecert.exe. Or go to the path where the command exist and run it from there.

    Author Closing Comment

    by:Kasper Katzmann
    It helped using makecert, and when I specified the full path of makecert all problems where solved.

    Thank you very much.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Hi all.   The other day I had to change the passwords for a bunch of users on the fly. Because they were so many, I decided to do it in an automated way and I would like to share it with you all.   If you are not doing it directly in a Domain Co…
    Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now