-
-
Save 573/525f1fb92a14cd8c0b25 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -------------- In my case it was this location, change accordingly ----------- | |
| # I only show here the part of that file I changed | |
| ## [ v3_req ] | |
| ## | |
| ### Extensions to add to a certificate request | |
| ## | |
| ##basicConstraints = CA:FALSE | |
| ##keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
| [ v3_req ] | |
| # Extensions to add to a certificate request | |
| subjectKeyIdentifier=hash | |
| basicConstraints = CA:FALSE | |
| keyUsage = digitalSignature | |
| extendedKeyUsage = codeSigning, msCodeInd, msCodeCom | |
| nsCertType = client, email, objsign |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| get-help Set-AuthenticodeSignature -detailed | |
| get-help Set-ExecutionPolicy -detailed | |
| Set-ExecutionPolicy remotesigned | |
| $cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx | |
| Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run this for each code developer account. The system must install the CA cert and the resulting p12 file in order to be happy. | |
| # Borrowed from http://bit.do/SwCv | |
| openssl genrsa -des3 -out codesign.key 4096 | |
| openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -out codesign.csr -key codesign.key -reqexts v3_req | |
| openssl x509 -req -days 365 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile ~/v3.cfg -set_serial 01 -out codesign.crt | |
| openssl pkcs12 -export -in codesign.crt -inkey codesign.key -out codesign.pfx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| basicConstraints = CA:FALSE | |
| subjectKeyIdentifier=hash | |
| keyUsage = digitalSignature | |
| extendedKeyUsage = codeSigning, msCodeInd, msCodeCom | |
| nsCertType = client, email, objsign |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(Source for my changes: http://bit.do/SwCv) Replaces e. g. makecert requirement here: http://bit.do/Sws3 (On Windows doubleclick and follow the steps to import the private-key certificate (generated pfx-file) into the correct storage)