Problems signing powershell script

    Question

  • We have an Authenticode signing system in our network so that all tools can get signed with our official cert.  I'm using that cert to sign my powershell scripts.  Here's where I am at:

    Get the PFX file that is our cert, same way I would use it with signtool.exe:
    PS U:\> $pfxfile = Get-PfxCertificate "E:\[path snipped for brevity]\Authenticode_20110308.pfx"

    And I know it's good:
    PS U:\> write-host $pfxfile.NotAfter
    3/6/2013 3:59:59 PM

    So I sign my script:
    PS U:\> Set-AuthenticodeSignature -filepath C:\temp\powershelltest.ps1 -certificate $pfxfile -IncludeChain All


        Directory: C:\temp


    SignerCertificate                         Status             Path
    -----------------                         ------             ----
    521F641D5650RR247E959B7DE5541B9BF7FE44A0  Valid              powershelltest.ps1

     

    So far so good right?  But now if I go back and check the signature:
    PS U:\> Get-AuthenticodeSignature C:\temp\powershelltest.ps1


        Directory: C:\temp


    SignerCertificate                         Status             Path
    -----------------                         ------             ----
    521F641D5650RR247E959B7DE5541B9BF7FE44A0  UnknownError       powershelltest.ps1

     

    and if I try to run it (ExecutionPolicy set to AllSigned):
    PS U:\> C:\temp\powershelltest.ps1
    File C:\temp\powershelltest.ps1 cannot be loaded. A certificate chain could not
     be built to a trusted root authority.
    At line:1 char:27
    + C:\temp\powershelltest.ps1 <<<<
        + CategoryInfo          : NotSpecified: (:) [], PSSecurityException
        + FullyQualifiedErrorId : RuntimeException

     

    help?

    01 March 2012 19:59
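The run-time error in the question says the chain could not be built to a trusted root. The following is an added diagnostic, not part of the original post: it rebuilds the signer's chain on the machine that verifies the script and prints the status of each element. `Test-SignerChain` is a hypothetical helper name; the script path is the one from the post.

```powershell
# Added example (not from the original post). Test-SignerChain is a hypothetical helper name.
function Test-SignerChain {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    "Status        : $($sig.Status)"
    "StatusMessage : $($sig.StatusMessage)"
    if ($null -eq $sig.SignerCertificate) {
        "No signer certificate found in $Path"
        return
    }

    # Build the signer's chain with .NET's X509Chain. Revocation checking is
    # switched off so an unreachable CRL cannot hide a missing-trust problem.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # string is converted to X509RevocationMode
    $built = $chain.Build($sig.SignerCertificate)
    "Chain builds to a trusted root: $built"

    # Walk the chain from the signer upwards and show per-element errors.
    foreach ($element in $chain.ChainElements) {
        $cert = $element.Certificate
        ""
        "Subject    : $($cert.Subject)"
        "Issuer     : $($cert.Issuer)"
        "Thumbprint : $($cert.Thumbprint)"
        "NotAfter   : $($cert.NotAfter)"
        foreach ($s in $element.ChainElementStatus) {
            "  $($s.Status): $($s.StatusInformation.Trim())"
        }
    }

    # The last element is a root only if the chain is complete (self-issued).
    $last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($last.Subject -ne $last.Issuer) {
        ""
        "Chain stops at '$($last.Subject)'; its issuer certificate was not found."
        return
    }
    foreach ($loc in 'LocalMachine', 'CurrentUser') {
        $hit = Get-ChildItem "Cert:\$loc\Root" | Where-Object { $_.Thumbprint -eq $last.Thumbprint }
        "Cert:\$loc\Root contains this root: $([bool]$hit)"
    }
}

Test-SignerChain -Path 'C:\temp\powershelltest.ps1'   # path taken from the post
```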

Answers

All Replies