Add Code Signing Cert to Powershell Studio

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 7 years and 9 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
User avatar
jkent@
Posts: 16
Last visit: Tue Aug 29, 2017 9:41 am

Add Code Signing Cert to Powershell Studio

Post by jkent@ »

Product, version and build: PowerShell Studio 2016 v5.2.122
32 or 64 bit version of product: ABOUT SAPIEN doesn't say.. tell me where I can see that and I will report back here
Operating system:windows 7
32 or 64 bit OS: 64-bit
PowerShell Version: 4.0

I have a code signing certificate which is already installed in MMC and I'd like to use it with Powershell Studio 2016.
Right now I can use it to sign a powershell script like so (using ###### to delimit the example):
#########################################
PS C:\> $cert=Get-ChildItem -Path Cert:\CurrentUser\TrustedPublisher -CodeSigningCert
PS C:\> Set-AuthenticodeSignature -FilePath "C:\Users\username\Documents\WindowsPowerShell\yourscript.ps1" -Certificate $cert -Confirm
Confirm
Are you sure you want to perform this action?
Performing the operation "Set-AuthenticodeSignature" on target "C:\Users\username\Documents\WindowsPowerShell\yourscript.ps1".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y


Directory: C:\Users\username\Documents\WindowsPowerShell


SignerCertificate Status Path
----------------- ------ ----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Valid yourscript.ps1

##########################################

And it works just as it should.
Now I want to sign my ps studio apps in the Deploy/MSI Settings/Signing tab
There I find two icons alongside the Certificate text field:
The folder icon brings up a dialog that allows me to use a .pfx file
The other icon brings up a dialog labelled "Windows Security" that shows several untrusted local certificates

Neither of these gives access to my existing code signing certificate. I cannot export my certificate to a .pfx file as that option is only available for personal certificates and my cert is for the computer I'm running PS studio on. I can export the codesigninhg cert from firefox which is how I got it into MMC but there also there's no option to export as .pfx.
The windows security dialog appears to point to some kind of personal store and there is no way to point it elsewhere or add a certificate.

I'm stumped. Must be missing something somewhere.
Please let me know how I can use my existing valid and working code signing certificate with ps studio 2016.

Thanks
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 19
Been upvoted: 37 times

Re: Add Code Signing Cert to Powershell Studio

Post by Alexander Riedel »

Typically a code signing certificate you use to sign scripts is a certificate you *own* and have in your personal store. Using a certificate you *trust* rather than own is not one what you would use. I am actually surprised it would let you do that. You can however always specify an external tool to sign something. I am sure you will find the right field for that. It is right there in the options.
Alexander Riedel
SAPIEN Technologies, Inc.
User avatar
jkent@
Posts: 16
Last visit: Tue Aug 29, 2017 9:41 am

Re: Add Code Signing Cert to Powershell Studio

Post by jkent@ »

Thanks. Yeah, my institution would not give me a personal signing cert, it had to be for my computer. I'll see if I can figure out how to use the signing tool and will post back here for other folks to see if successful
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 19
Been upvoted: 37 times

Re: Add Code Signing Cert to Powershell Studio

Post by Alexander Riedel »

At some point they must have provided you with a certificate file. You can just import that into your personal store usually.
Alexander Riedel
SAPIEN Technologies, Inc.
User avatar
jkent@
Posts: 16
Last visit: Tue Aug 29, 2017 9:41 am

Re: Add Code Signing Cert to Powershell Studio

Post by jkent@ »

OK I found that in firefox where I originally installed the cert when you view the certificates via options/advanced/View Certificates the dialog that opens has buttons for:
view..|Backup...|Backup All....| Import...|Delete...
Using backup gives only the option to backup as a PKCS12 file which did not work with Powershell studio when imported into MMC
However if you select the certificate and click the view button and then the details tab an Export button appears which allows export in a bunch of X509 formats: PEM, DER, and PKCS#7
I had previously imported the PKCS12 version in to MMC but that did not work.
This time with the new export format available I exported as PCKS7# and then imported that into MMC/Certificates/Personal/Certificates and then I'm finally able to see the cert from with Powershell Studio.
Thanks for your help.

[edit] the other thing I did differently was to open mmc/certificates for 'My user account" whereas previously having been told that the cert was for the computer I had opened mmc/certificates for "Computer account"

[edit some more] well that didn't get me very far, now when I try to sign the msi I get an error from the digital signature wizard "The certificate does not contain valid private key information". I've contacted the folks that supplied the cert to see if they can help with that
User avatar
jkent@
Posts: 16
Last visit: Tue Aug 29, 2017 9:41 am

Re: Add Code Signing Cert to Powershell Studio

Post by jkent@ »

It appears that I cannot get the private key that goes with my code-signing certificate as it is for the educational institution that I work for. So I won't be able to sign my scripts and msi files with Powershell Studio. However it seems that windows .msi and .exe files are both Subject Interface Package (SIP) compatible and so can be signed from powershell using Set-AuthenticodeSignature
This topic is 7 years and 9 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.