Sign your PowerShell scripts with a code signing certificate

Prerequisite is -> you need an issued and world or domain-trusted code signing certificate. Read more about how to issue a code signing certificate (CSR) and how to issue one using your in house Certification Authority

Let’s start a PowerShell Console as admin – then use this command to list available code signing certificates:

 Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | fl

Now note down the Thumbprint

To sign your PowerShell script, adjust the following PowerShell command:

Set-AuthenticodeSignature -Certificate (Get-ChildItem -path 'Cert:\B3419A643F1320EBDE3CA9553D4F9684C26164C8' -Recurse) -FilePath "C:\Solvia\WSUS-Toolkitting.ps1"
  • Replace B3419A643F1320EBDE3CA9553D4F9684C26164C8 with the Thumbprint of your code signing certificate
  • Replace the -FilePath with your PowerShell script

if you did all good, you should see

Open your just signed PowerShell script and scroll to the end where you can find the # SIG # signature block

To check the signature of a signed PowerShell script use:

Get-AuthenticodeSignature -PSPath C:\Solvia\WSUS-Toolkitting.ps1