Skip to content

Instantly share code, notes, and snippets.

@adi-g15

adi-g15/signing_executable.md

Created May 6, 2021 17:57
Show Gist options
  • Save adi-g15/e2c84795dbfd43b85d1631aa2cac0344 to your computer and use it in GitHub Desktop.
Save adi-g15/e2c84795dbfd43b85d1631aa2cac0344 to your computer and use it in GitHub Desktop.
Download ZIP
Signing executable/scripts on Windows
Raw
signing_executable.md

Signing executable/scripts on Windows

SOURCE - https://stackoverflow.com/a/51443366/12339402

Using New-SelfSignedCertificate:

  1. Generate the key:
New-SelfSignedCertificate -DnsName your@email.com -Type CodeSigning -CertStoreLocation cert:\CurrentUser\My
  1. Export the certificate without the private key:
Export-Certificate -Cert (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)[0] -FilePath code_signing.crt
  1. Import it as Trusted Publisher
Import-Certificate -FilePath .\code_signing.crt -Cert Cert:\CurrentUser\TrustedPublisher
  1. Import it as a Root certificate authority.
Import-Certificate -FilePath .\code_signing.crt -Cert Cert:\CurrentUser\Root

This will warn you

  1. Sign the script (assuming here it's named script.ps1, fix the path accordingly).
Set-AuthenticodeSignature .\script.ps1 -Certificate (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)

I mainly created this script as a reminder for myself :p, rest you should see the stackoverflow answer for more details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment