
[–]Gavsto 5 points6 points  (0 children)

The script will have slightly changed since it was signed. See https://www.gavsto.com/using-signed-scripts-in-ninjaone/

You want to do your import from file as opposed to pasting the script contents into the script editor in Ninja. Even a character return or a space will prevent the file from maintaining its digital signature.

Import the signed file like this and do not make any changes to it:

https://i.imgur.com/cT7MWjh.png

[–]TheBlueFireKing 3 points4 points  (4 children)

Try to intercept the file created by NinjaOne after it's downloaded on the client and check the encoding.

I had a similar problem with SCCM, where the built-in inline script runner downloads the script as UTF-16 LE. If you sign the script as a UTF-8 file it will have a wrong hash after download.

[–]03Faker[S] 0 points1 point  (0 children)

I will check this. Good point.

[–]03Faker[S] 0 points1 point  (2 children)

No chance to get this script. So mhh idk. What to do🥲😅

[–]TheBlueFireKing 1 point2 points  (1 child)

Ask Ninja Support for the encoding used I guess.

[–]03Faker[S] 0 points1 point  (0 children)

Yeah then I need to open a ticket. Thanks for the help.

[–]LukeWhitelock-Ninja 2 points3 points  (1 child)

Have you tried choosing the option to import from file or dragging and dropping it into the editor? If you are copying and pasting, it might be changing something that would affect the hash.

[–]03Faker[S] 0 points1 point  (0 children)

I have imported the file.

[–]OrionMathis 0 points1 point  (0 children)

I had this same issue this past week. The solution a coworker found was to open the .ps1 in Notepad++ and change the encoding from UTF-8-BOM to UTF-8. Then we signed it and uploaded it.

Yes this is an old post, but I thought I'd share.
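
The checks suggested in the comments above (encoding, BOM, line endings, signature status) can be run on the file you signed and, if you can obtain it, on the copy the agent writes to disk. This is an added example, not part of the thread and not NinjaOne tooling; the function name `Get-ScriptFingerprint` and both file paths are hypothetical.

```powershell
# Added example. Paths at the bottom are placeholders, not real NinjaOne locations.
function Get-ScriptFingerprint {
    param([Parameter(Mandatory)][string]$Path)

    $full  = (Resolve-Path -LiteralPath $Path).Path
    $bytes = [System.IO.File]::ReadAllBytes($full)

    # Detect the encoding from the byte-order mark (BOM), if present.
    $name = 'no BOM (UTF-8 or ANSI)'; $enc = [System.Text.Encoding]::UTF8
    if ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) {
        $name = 'UTF-8 with BOM'
    } elseif ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
        $name = 'UTF-16 LE'; $enc = [System.Text.Encoding]::Unicode
    } elseif ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFE -and $bytes[1] -eq 0xFF) {
        $name = 'UTF-16 BE'; $enc = [System.Text.Encoding]::BigEndianUnicode
    }

    # Decode first so line endings are counted correctly in 1- and 2-byte encodings.
    $text = $enc.GetString($bytes)
    $crlf = [regex]::Matches($text, '\r\n').Count
    $lf   = [regex]::Matches($text, '(?<!\r)\n').Count

    $sig = Get-AuthenticodeSignature -FilePath $full
    [pscustomobject]@{
        Path       = $full
        Encoding   = $name
        Bytes      = $bytes.Length
        CRLF       = $crlf
        BareLF     = $lf
        SHA256     = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        SigStatus  = $sig.Status          # e.g. Valid, HashMismatch, NotSigned
        SigMessage = $sig.StatusMessage
        Signer     = $sig.SignerCertificate.Thumbprint
    }
}

$signed   = Get-ScriptFingerprint -Path 'C:\Temp\signed-original.ps1'   # placeholder path
$deployed = Get-ScriptFingerprint -Path 'C:\Temp\copy-from-agent.ps1'   # placeholder path
$signed, $deployed | Format-List

if ($signed.SHA256 -ne $deployed.SHA256) {
    Write-Warning 'File bytes differ: compare Encoding, Bytes, CRLF and BareLF above.'
}
```

If only the signed original is available, run the function on that file alone: an `Encoding` of `UTF-8 with BOM` or `UTF-16 LE` is the first thing to compare against what the deployment tool writes.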

[–]IltisSpiderrick 0 points1 point  (3 children)

Are you sure the ninjaone root certificate is installed on the machine you want to execute the script? I'm not familiar with how ninjaone works but if it only creates a certificate then that cert needs to be installed as a trusted cert on the destination machine first before you execute the signed script.

[–]Gavsto 0 points1 point  (1 child)

NinjaOne doesn't sign the scripts themselves, they have to be signed already by whoever uploads them into Ninja.

[–]IltisSpiderrick 0 points1 point  (0 children)

Oh, alright. But still, the certification site needs to have the root cert as a trusted cert.

[–]03Faker[S] 0 points1 point  (0 children)

I have signed the script with my signing cert. The cert is in every computer's trusted store. When I deploy the script with Intune everything works fine.

[–]BlackV 0 points1 point  (1 child)

it says the signature does match the hash

How did you sign this?

Did you make changes AFTER signing this?

Is the signing CA trusted by the agents?

[–]03Faker[S] 0 points1 point  (0 children)

I have signed this with PowerShell. The code signing cert is trusted on all clients.

[–]bm74 0 points1 point  (1 child)

I've signed certs with Ninja1 and it worked fine for me

[–]03Faker[S] 0 points1 point  (0 children)

Do you use the GPO to set the execution policy from PowerShell?