jakub-g · September 23, 2017 23:06
diff --git a/C:\Program Files (x86)\Git\ssl\openssl.cnf b/C:\Program Files (x86)\Git\ssl\openssl.cnf
 # -------------- In my case it was this location, change accordingly -----------
 #                I only show here the part of that file I changed
 ## [ v3_req ]
 ##
 ### Extensions to add to a certificate request
 ##
 ##basicConstraints = CA:FALSE
 ##keyUsage = nonRepudiation, digitalSignature, keyEncipherment

 [ v3_req ]

 # Extensions to add to a certificate request

 subjectKeyIdentifier=hash
 basicConstraints = CA:FALSE
 keyUsage = digitalSignature
 extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
 nsCertType = client, email, objsign
diff --git a/FirstSteps_With_The_Signature.ps1 b/FirstSteps_With_The_Signature.ps1
 get-help Set-AuthenticodeSignature -detailed
 get-help Set-ExecutionPolicy -detailed
 Set-ExecutionPolicy remotesigned
 $cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
 Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer
diff --git a/makeauthority.sh b/makeauthority.sh
 # Run this once

 # Borrowed from http://bit.do/SwCv

 openssl genrsa -des3 -out ca.key 4096
 openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -x509 -days 365 -out ca.crt -key ca.key
diff --git a/makecert.sh b/makecert.sh
 # Run this for each code developer account.  The system must install the CA cert and the resulting p12 file in order to be happy.

 # Borrowed from http://bit.do/SwCv

 openssl genrsa -des3 -out codesign.key 4096
 openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -out codesign.csr -key codesign.key -reqexts v3_req
 openssl x509 -req -days 365 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile ~/v3.cfg -set_serial 01 -out codesign.crt
 openssl pkcs12 -export -in codesign.crt -inkey codesign.key -out codesign.pfx
diff --git a/~\v3.cfg b/~\v3.cfg
 basicConstraints = CA:FALSE
 subjectKeyIdentifier=hash
 keyUsage = digitalSignature
 extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
 nsCertType = client, email, objsign
	# -------------- In my case it was this location, change accordingly -----------
	# I only show here the part of that file I changed
	## [ v3_req ]
	##
	### Extensions to add to a certificate request
	##
	##basicConstraints = CA:FALSE
	##keyUsage = nonRepudiation, digitalSignature, keyEncipherment

	[ v3_req ]

	# Extensions to add to a certificate request

	subjectKeyIdentifier=hash
	basicConstraints = CA:FALSE
	keyUsage = digitalSignature
	extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
	nsCertType = client, email, objsign
	get-help Set-AuthenticodeSignature -detailed
	get-help Set-ExecutionPolicy -detailed
	Set-ExecutionPolicy remotesigned
	$cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
	Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer
	# Run this once

	# Borrowed from http://bit.do/SwCv

	openssl genrsa -des3 -out ca.key 4096
	openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -x509 -days 365 -out ca.crt -key ca.key
	# Run this for each code developer account. The system must install the CA cert and the resulting p12 file in order to be happy.

	# Borrowed from http://bit.do/SwCv

	openssl genrsa -des3 -out codesign.key 4096
	openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -out codesign.csr -key codesign.key -reqexts v3_req
	openssl x509 -req -days 365 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile ~/v3.cfg -set_serial 01 -out codesign.crt
	openssl pkcs12 -export -in codesign.crt -inkey codesign.key -out codesign.pfx