mnadjit/PS_SelfSign_PS_Scripts.md

Last active September 8, 2022 05:52

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/mnadjit/a7c715e82815a5313b7bf085be0a0836.js"></script>
Save mnadjit/a7c715e82815a5313b7bf085be0a0836 to your computer and use it in GitHub Desktop.

Download ZIP

How to create a certificate and use it to self sign PowerShell scripts

Raw

PS_SelfSign_PS_Scripts.md

Create a new personal certificate

$certificateName = Read-Host -Prompt 'Enter name of your certificate e.g. MyCert or [email protected]'
$cert = New-SelfSignedCertificate -DnsName $certificateName -CertStoreLocation Cert:\CurrentUser\My\ -Type Codesigning -NotAfter (Get-Date).AddYears(3)

Or get an already-created personal certificate

$certThumprint = Read-Host -Prompt 'Enter thumbprint of your certificate'
$cert = Get-ChildItem -Path Cert:\CurrentUser\My\ | Where { $_.Thumbprint -eq $certThumprint }

Import the created certificate into Trusted Publishers and Trusted Root Certification Authorities

This can be done manually using certmgr.msc or using the following commands:

Export your certificate into a .cer file
- Export-Certificate -Type CERT -Cert $cert -FilePath $env:userprofile\documents\myCert.cer
- Import-Certificate -FilePath $env:userprofile\documents\myCert.cer -CertStoreLocation Cert:\CurrentUser\TrustedPublisher
- Import-Certificate -FilePath $env:userprofile\documents\myCert.cer -CertStoreLocation Cert:\CurrentUser\Root -Confirm

Sign your PowerShell script (.ps1) file

$pathToPs1File=Read-Host -Prompt 'Enter path to your ps1 script'
Set-AuthenticodeSignature -FilePath $pathToPs1File -Certificate $cert

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment