Last active November 29, 2017 18:46
Commands from Idera mailings about certificates with PowerShell:
http://community.idera.com/powershell/powertips/b/tips/posts/creating-self-signed-code-signing-certificates
http://community.idera.com/powershell/powertips/b/tips/posts/loading-certificates-from-pfx-files
http://community.idera.com/powershell/powertips/b/tips/posts/digitally-signing…

#requires -Version 5
# this is where the cert file will be saved
$Path = "$env:temp\codeSignCert.pfx"
# you'll need this password to load the PFX file later
$Password = Read-Host -Prompt 'Enter new password to protect certificate' -AsSecureString
# create cert, export to file, then delete again
$cert = New-SelfSignedCertificate -KeyUsage DigitalSignature -KeySpec Signature -FriendlyName 'IT Sec Department' -Subject CN=SecurityDepartment -KeyExportPolicy ExportableEncrypted -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddYears(5) -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.3')
$cert | Export-PfxCertificate -Password $Password -FilePath $Path
$cert | Remove-Item

# read in the certificate from a pre-existing PFX file
$cert = Get-PfxCertificate -FilePath "$env:temp\codeSignCert.pfx"
# find all scripts in your user profile...
Get-ChildItem -Path $home -Filter *.ps1 -Include *.ps1 -Recurse -ErrorAction SilentlyContinue |
# ...that do not have a signature yet...
Where-Object {
    ($_ | Get-AuthenticodeSignature).Status -eq 'NotSigned'
} |
# and apply one
# (note that we added -WhatIf so no signing occurs. Remove this only if you
# really want to add digital signatures!)
Set-AuthenticodeSignature -Certificate $cert -WhatIf

$cert = Get-PfxCertificate -FilePath "$env:temp\codeSignCert.pfx"

# read in the certificate from a pre-existing PFX file
$cert = Get-PfxCertificate -FilePath "$env:temp\codeSignCert.pfx"
# find all scripts in your Documents folder...
Get-ChildItem -Path $home\Documents -Filter *.ps1 -Include *.ps1 -Recurse -ErrorAction SilentlyContinue |
# ...that do not have a signature yet...
Where-Object {
    ($_ | Get-AuthenticodeSignature).Status -eq 'NotSigned'
} |
# and apply one, with a timestamp from the given timestamp server
# (note that we added -WhatIf so no signing occurs. Remove this only if you
# really want to add digital signatures!)
Set-AuthenticodeSignature -Certificate $cert -TimestampServer http://timestamp.digicert.com -WhatIf
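
To check the result of the signing commands above, the following added example (not part of the gist or the Idera tips) reports each script's signature status, whether the signer matches the certificate in the PFX file, and whether a timestamp is present, which is the difference between the two signing variants. The function name Get-ScriptSignatureReport and its parameter names are hypothetical; the paths are the ones used above.

```powershell
#requires -Version 5

# Added example: audit script signatures after signing.
# Get-ScriptSignatureReport and its parameters are hypothetical names.
function Get-ScriptSignatureReport
{
    param
    (
        [Parameter(Mandatory)]
        [string]$Path,

        # thumbprint of the certificate that is expected to have signed the scripts
        [Parameter(Mandatory)]
        [string]$ExpectedThumbprint
    )

    Get-ChildItem -Path $Path -Filter *.ps1 -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -LiteralPath avoids wildcard expansion of file names containing [ or ]
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = $sig.SignerCertificate

        [PSCustomObject]@{
            Path             = $_.FullName
            # Valid, NotSigned, HashMismatch (changed after signing), NotTrusted, UnknownError, ...
            Status           = $sig.Status
            SignedByExpected = ($null -ne $signer) -and ($signer.Thumbprint -eq $ExpectedThumbprint)
            # without a timestamp the signature stops validating once the signing cert expires
            HasTimestamp     = $null -ne $sig.TimeStamperCertificate
            SignerNotAfter   = if ($signer) { $signer.NotAfter }
        }
    }
}

# load the same PFX file the signing commands use (prompts for its password)
$cert   = Get-PfxCertificate -FilePath "$env:temp\codeSignCert.pfx"
$report = Get-ScriptSignatureReport -Path "$home\Documents" -ExpectedThumbprint $cert.Thumbprint

# list everything that is unsigned, modified, signed by another cert, or lacks a timestamp
$report |
Where-Object { $_.Status -ne 'Valid' -or -not $_.SignedByExpected -or -not $_.HasTimestamp } |
Sort-Object -Property Status, Path |
Format-Table -AutoSize -Property Status, SignedByExpected, HasTimestamp, Path
```

With the self-signed certificate created above, Status reads UnknownError rather than Valid until the machine doing the check trusts that certificate, so SignedByExpected is the column that confirms which certificate signed a file.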