SOURCE - https://stackoverflow.com/a/51443366/12339402
Using New-SelfSignedCertificate:
- Generate the key:
New-SelfSignedCertificate -DnsName your@email.com -Type CodeSigning -CertStoreLocation cert:\CurrentUser\My
- Export the certificate without the private key:
Export-Certificate -Cert (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)[0] -FilePath code_signing.crt
- Import it as Trusted Publisher
Import-Certificate -FilePath .\code_signing.crt -Cert Cert:\CurrentUser\TrustedPublisher
- Import it as a Root certificate authority.
Import-Certificate -FilePath .\code_signing.crt -Cert Cert:\CurrentUser\Root
This will warn you
- Sign the script (assuming here it's named script.ps1, fix the path accordingly).
Set-AuthenticodeSignature .\script.ps1 -Certificate (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)
I mainly created this script as a reminder for myself :p, rest you should see the stackoverflow answer for more details.