Product, version and build: PowerShell Studio 2016 v5.2.122
32 or 64 bit version of product: ABOUT SAPIEN doesn't say.. tell me where I can see that and I will report back here
Operating system:windows 7
32 or 64 bit OS: 64-bit
PowerShell Version: 4.0
I have a code signing certificate which is already installed in MMC and I'd like to use it with Powershell Studio 2016.
Right now I can use it to sign a powershell script like so (using ###### to delimit the example):
#########################################
PS C:\> $cert=Get-ChildItem -Path Cert:\CurrentUser\TrustedPublisher -CodeSigningCert
PS C:\> Set-AuthenticodeSignature -FilePath "C:\Users\username\Documents\WindowsPowerShell\yourscript.ps1" -Certificate $cert -Confirm
Confirm
Are you sure you want to perform this action?
Performing the operation "Set-AuthenticodeSignature" on target "C:\Users\username\Documents\WindowsPowerShell\yourscript.ps1".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
Directory: C:\Users\username\Documents\WindowsPowerShell
SignerCertificate Status Path
----------------- ------ ----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Valid yourscript.ps1
##########################################
And it works just as it should.
Now I want to sign my ps studio apps in the Deploy/MSI Settings/Signing tab
There I find two icons alongside the Certificate text field:
The folder icon brings up a dialog that allows me to use a .pfx file
The other icon brings up a dialog labelled "Windows Security" that shows several untrusted local certificates
Neither of these gives access to my existing code signing certificate. I cannot export my certificate to a .pfx file as that option is only available for personal certificates and my cert is for the computer I'm running PS studio on. I can export the codesigninhg cert from firefox which is how I got it into MMC but there also there's no option to export as .pfx.
The windows security dialog appears to point to some kind of personal store and there is no way to point it elsewhere or add a certificate.
I'm stumped. Must be missing something somewhere.
Please let me know how I can use my existing valid and working code signing certificate with ps studio 2016.
Thanks
Add Code Signing Cert to Powershell Studio
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
- Alexander Riedel
- Posts: 8479
- Last visit: Thu Mar 28, 2024 9:29 am
- Been upvoted: 37 times
Re: Add Code Signing Cert to Powershell Studio
Typically a code signing certificate you use to sign scripts is a certificate you *own* and have in your personal store. Using a certificate you *trust* rather than own is not one what you would use. I am actually surprised it would let you do that. You can however always specify an external tool to sign something. I am sure you will find the right field for that. It is right there in the options.
Alexander Riedel
SAPIEN Technologies, Inc.
SAPIEN Technologies, Inc.
Re: Add Code Signing Cert to Powershell Studio
Thanks. Yeah, my institution would not give me a personal signing cert, it had to be for my computer. I'll see if I can figure out how to use the signing tool and will post back here for other folks to see if successful
- Alexander Riedel
- Posts: 8479
- Last visit: Thu Mar 28, 2024 9:29 am
- Been upvoted: 37 times
Re: Add Code Signing Cert to Powershell Studio
At some point they must have provided you with a certificate file. You can just import that into your personal store usually.
Alexander Riedel
SAPIEN Technologies, Inc.
SAPIEN Technologies, Inc.
Re: Add Code Signing Cert to Powershell Studio
OK I found that in firefox where I originally installed the cert when you view the certificates via options/advanced/View Certificates the dialog that opens has buttons for:
view..|Backup...|Backup All....| Import...|Delete...
Using backup gives only the option to backup as a PKCS12 file which did not work with Powershell studio when imported into MMC
However if you select the certificate and click the view button and then the details tab an Export button appears which allows export in a bunch of X509 formats: PEM, DER, and PKCS#7
I had previously imported the PKCS12 version in to MMC but that did not work.
This time with the new export format available I exported as PCKS7# and then imported that into MMC/Certificates/Personal/Certificates and then I'm finally able to see the cert from with Powershell Studio.
Thanks for your help.
[edit] the other thing I did differently was to open mmc/certificates for 'My user account" whereas previously having been told that the cert was for the computer I had opened mmc/certificates for "Computer account"
[edit some more] well that didn't get me very far, now when I try to sign the msi I get an error from the digital signature wizard "The certificate does not contain valid private key information". I've contacted the folks that supplied the cert to see if they can help with that
view..|Backup...|Backup All....| Import...|Delete...
Using backup gives only the option to backup as a PKCS12 file which did not work with Powershell studio when imported into MMC
However if you select the certificate and click the view button and then the details tab an Export button appears which allows export in a bunch of X509 formats: PEM, DER, and PKCS#7
I had previously imported the PKCS12 version in to MMC but that did not work.
This time with the new export format available I exported as PCKS7# and then imported that into MMC/Certificates/Personal/Certificates and then I'm finally able to see the cert from with Powershell Studio.
Thanks for your help.
[edit] the other thing I did differently was to open mmc/certificates for 'My user account" whereas previously having been told that the cert was for the computer I had opened mmc/certificates for "Computer account"
[edit some more] well that didn't get me very far, now when I try to sign the msi I get an error from the digital signature wizard "The certificate does not contain valid private key information". I've contacted the folks that supplied the cert to see if they can help with that
Re: Add Code Signing Cert to Powershell Studio
It appears that I cannot get the private key that goes with my code-signing certificate as it is for the educational institution that I work for. So I won't be able to sign my scripts and msi files with Powershell Studio. However it seems that windows .msi and .exe files are both Subject Interface Package (SIP) compatible and so can be signed from powershell using Set-AuthenticodeSignature