PS: Code Signing

less than 1 minute read


When creating scripts in Powershell, it’s a good idea to setup a code signing cert and add it to your cert store. Here are the steps I use(d).

To Resolve:

  1. First, I know MS has the New-SelfSignedCertificate natively now, but I still downloaded the one here.

  2. Then, in Powershell ISE, just run:

New-SelfsignedCertificateEx -Subject "CN=Test Code Signing" -EKU "Code Signing" -KeySpec "Signature" `
-KeyUsage "DigitalSignature" -FriendlyName "Test code signing" -NotAfter $([datetime]::now.AddYears(5))
  1. Then, to sign a script, just type:
$MyCert =(dir Cert:\CurrentUser\My -CodeSigningCert)[0]
# Example Set-AuthenticodeSignature .\test.ps1 -Certificate $MyCert
  1. You could place the $MyCert variable in your profile on the machine you ran this on and then just have that sign all the scripts you produce.

Spotted a mistake in this article? Why not suggest an edit!
Did you like the article? Donations are always welcome!