Sign your PowerShell scripts with a code signing certificate
Posted in Certificates, PowerShell
Prerequisite is -> you need an issued and world or domain-trusted code signing certificate. Read more about how to issue a code signing certificate (CSR) and how to issue one using your in house Certification Authority
Let’s start a PowerShell Console as admin – then use this command to list available code signing certificates:
Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | fl
Now note down the Thumbprint
To sign your PowerShell script, adjust the following PowerShell command:
Set-AuthenticodeSignature -Certificate (Get-ChildItem -path 'Cert:\B3419A643F1320EBDE3CA9553D4F9684C26164C8' -Recurse) -FilePath "C:\Solvia\WSUS-Toolkitting.ps1"
- Replace B3419A643F1320EBDE3CA9553D4F9684C26164C8 with the Thumbprint of your code signing certificate
- Replace the -FilePath with your PowerShell script
if you did all good, you should see
Open your just signed PowerShell script and scroll to the end where you can find the # SIG # signature block
To check the signature of a signed PowerShell script use:
Get-AuthenticodeSignature -PSPath C:\Solvia\WSUS-Toolkitting.ps1