Powershell script sign with personal certificate

I'm trying to sign a certificate with a personally signed certificate but cannot get it working right.

So what I'm trying to do is create the SelfSigned Certificate:-
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname code.tonycross.local


Then store a password for exporting the certificate:-
$pwd = ConvertTo-SecureString -String "Bannanas123" -Force -AsPlainText


Export the certificate (with the ID from signing):-
Export-PfxCertificate -cert cert:\localMachine\my\3DE6F6E78F29EC09E75B1BD28C82B4F05326D1F4 -FilePath c:\temp\cert.pfx -Password $pwd


Then, sign the powershell script:-
Set-AuthenticodeSignature c:\temp\demoscript.ps1 @(Get-ChildItem cert:\c:\temp\cert.pfx -codesign)


I'm totally lost in trying to get this working. Has anyone got any articles on signing scripts with self-signed certificates?

Thank you in advance
tonelm54 Asked:

footech Commented:
Exporting the certificate is needed only if you want to transfer the cert to other locations.  After creating your cert, try the following.
Set-AuthenticodeSignature c:\temp\demoscript.ps1 @(Get-ChildItem cert:\localmachine\my -CodeSigningCert)

David Johnson, CD, MVP Owner Commented:
You might be able to add codesigning property to your self signed certificate.
dir cert:currentuser\my\ -CodeSigningCert

 will tell you if you have a valid certificate.

I have a public Microsoft Authenticode Certificate and this is the script that I use to sign all powershell scripts.

# Pick up the code-signing certificate from the current user's store
$cert = (dir cert:currentuser\my\ -CodeSigningCert)
$files = Get-ChildItem -Path 'E:\Documents\WindowsPowershell' -Include "*.ps1" -Recurse
foreach ($file in $files) {
    $hash = Set-AuthenticodeSignature $file.FullName -cert $cert
    #write-output($file.FullName, $hash.Status)
    # Any script whose signature does not come back Valid is reported and deleted
    if (!($hash.Status -eq "Valid")) {
        write-host $hash.status $hash.path
        remove-item $hash.path
    }
}

David Johnson, CD, MVP Owner Commented:
New-SelfSignedCertificate does not add the code signing option, only

Key Usage: Digital Signature, Key Encipherment (a0)

Question has a verified solution.
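
The workflow discussed in this thread, end to end, as an added example that is not part of the original question or answers. It assumes a New-SelfSignedCertificate that supports -Type CodeSigningCert (Windows 10 / Server 2016 or later); the subject name and the .cer path are constructed placeholders.

```powershell
# Added example. Subject name and .cer path are constructed placeholders.
$scriptPath = 'C:\temp\demoscript.ps1'
$cerPath    = 'C:\temp\codesign-public.cer'

# 1. Create a self-signed certificate that carries the Code Signing EKU.
#    Assumption: this build of New-SelfSignedCertificate supports -Type.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Example Script Signing (constructed)' `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. Confirm the store reports it as usable for code signing, selecting by
#    thumbprint so exactly one certificate is handed to the signing cmdlet.
$signer = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $signer) { throw 'Certificate lacks the Code Signing EKU or a private key.' }

# 3. Trust only the public half: export a .cer (no private key, no password)
#    and import it into Root and TrustedPublisher for the current user.
Export-Certificate -Cert $signer -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null

# 4. Sign, then verify independently instead of trusting the signing call.
Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $signer | Out-Null
$sig = Get-AuthenticodeSignature -FilePath $scriptPath

if ($sig.Status -ne 'Valid') {
    # Surface the reason; the script file itself is left untouched.
    throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
}
"{0} signed by {1}" -f $sig.Path, $sig.SignerCertificate.Thumbprint
```

Other machines that should accept the signature need only the same .cer imported; the private key never leaves the store it was created in.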
