Phew. I did it. Thank you Bruce Payette for the great book you wrote.
If you want to read the book it’s on Amazon.com.
Three reasons why you would want to get it.
1) It’s very well written (which is rare among books about programming)
2) It’s a good and (at times) a funny read. (which is next to impossible to find)
3) This book is written by the person who helped design Powershell.
But let me get to the code-signing bit :
You’ll need the Windows SDK, because it contains ‘makecert.exe’
I just copied the makecert file in my Powershell directory to make the commands a bit shorter.
If you’re under Windows 7, make sure you start Powershell ‘as Administrator’. Otherwise, some commands will fail.
in your Powershell window, type :
./makecert –n “CN=PowerShell Local Certificate Root” –a sha1 –eku 220.127.116.11.18.104.22.168.3 –r –sv root.pvk root.cer –ss Root –sr localMachine
This will pop up a dialog to enter passwords. And we have just created a Local Certificate Authority.
Next, we ened to make a signing certificate :
./makecert –pe –n “CN=¨PowerShell User” –ss MY –a sha1 –eku 22.214.171.124.126.96.36.199.3 –iv root.pvk –ic root.cer
great. that’s that. Now, all we need to do is sign our scripts with that key. Here’s how :
First change the Execution policy to allsigned :
Next, we load our certificate into a variable :
$cert = @(Get-ChildItem cert:\CurrentUser\My -Codesigning)
then we sign the file :
Set-authenticodeSignature test-script.ps1 $cert
you should be able to execute your script now.