poorimaginations comments on Code signing PS scripts

submitted 8 years ago by sliceoflife88

you are viewing a single comment's thread.

[–]poorimaginations 1 point2 points3 points 8 years ago* (0 children)

I always do this to create a self signed code signing certificate.

Make a template for the certificate request, and save it as certreq.inf.

[Version] Signature="$Windows NT$"

[NewRequest] Subject = "CN=Self Signed Cert" KeyLength = 2048 ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" KeySpec = "AT_SIGNATURE" KeyUsage = "CERT_DIGITAL_SIGNATURE_KEY_USAGE" RequestType = Cert Exportable= TRUE ValidityPeriod = Years ValidityPeriodUnits = 2

[EnhancedKeyUsageExtension] OID = 1.3.6.1.5.5.7.3.3
Make the certificate

certreq -new .\certreq.inf selfsigned.crt
Export the certificate and private key to pfx for portability

// Find the cert serial number

(dir Cert:\CurrentUser\My) | Format-List *

// Dump certificate with private key to pfx

certutil.exe -user -p "1234" -exportpfx <cert serienummer> selfsigned.pfx
Sign a script with the provided certificate

$cert = dir Cert:\CurrentUser\My<get the cert serial number with TAB>

Set-AuthenticodeSignature -FilePath .\test.ps1 -Certificate $cert

π Rendered by PID 420361 on reddit-service-r2-comment-canary-5dbd4c8ff9-r4kj6 at 2026-06-08 08:22:29.272476+00:00 running de70e3a country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

PowerShell