@573
Forked from richieforeman/makeauthority.sh
Last active September 23, 2017 23:06
# -------------- In my case it was this location, change accordingly -----------
# I only show here the part of that file I changed
## [ v3_req ]
##
### Extensions to add to a certificate request
##
##basicConstraints = CA:FALSE
##keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_req ]
# Extensions to add to a certificate request
subjectKeyIdentifier=hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
nsCertType = client, email, objsign
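# PowerShell: read the built-in help for the two cmdlets used below
Get-Help Set-AuthenticodeSignature -Detailed
Get-Help Set-ExecutionPolicy -Detailed
# Local scripts may run unsigned; scripts downloaded from the Internet must be signed
Set-ExecutionPolicy RemoteSigned
# Load the code-signing certificate from the PFX file (prompts for its password)
$cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
# Sign the profile script; "-IncludeChain Signer" embeds only the signer's certificate
Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer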
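# Run this once
# Borrowed from http://bit.do/SwCv
# 4096-bit RSA key for the CA, encrypted with a passphrase (3DES)
openssl genrsa -des3 -out ca.key 4096
# Self-signed CA certificate, valid for 365 days
openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -x509 -days 365 -out ca.crt -key ca.key
# Run this for each code developer account. The system must install the CA cert and the resulting p12 file in order to be happy.
# Borrowed from http://bit.do/SwCv
# 4096-bit RSA key for the developer, encrypted with a passphrase (3DES)
openssl genrsa -des3 -out codesign.key 4096
# Certificate request that asks for the [ v3_req ] extensions from openssl.cnf
openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -out codesign.csr -key codesign.key -reqexts v3_req
# Sign the request with the CA; the certificate's extensions come from ~/v3.cfg
openssl x509 -req -days 365 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile ~/v3.cfg -set_serial 01 -out codesign.crt
# Bundle certificate and private key into a PKCS#12 file for import on Windows
openssl pkcs12 -export -in codesign.crt -inkey codesign.key -out codesign.pfx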
# Extension file passed as -extfile (~/v3.cfg) to "openssl x509 -req" above
basicConstraints = CA:FALSE
subjectKeyIdentifier=hash
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
nsCertType = client, email, objsign
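
Added example, not part of the original gist: `openssl x509 -req` does not copy extensions from the CSR by default, so the codeSigning usage only reaches codesign.crt through the -extfile. The check below reads an `openssl x509 -noout -text` dump and reports what is missing; the function names and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example. Both samples are constructed, trimmed dumps in the layout
# printed by `openssl x509 -noout -text`.
SAMPLE_OK='        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature
            X509v3 Extended Key Usage:
                Code Signing, Microsoft Individual Code Signing'
# Constructed: certificate issued without -extfile, so it has no extensions.
SAMPLE_NO_EXT='    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)'

# ext_value NAME: print the value line that follows "NAME:" in $CERT_TEXT,
# with surrounding whitespace removed (empty if the extension is absent).
ext_value() {
    printf '%s\n' "$CERT_TEXT" | awk -v h="$1:" '
        found { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); print; exit }
        index($0, h) { found = 1 }'
}

# check_codesign_cert: read the text dump on stdin, print one line per
# problem, return 0 only when the certificate is usable for code signing.
check_codesign_cert() {
    CERT_TEXT=$(cat)
    rc=0
    # Wrap the list in ", ... ," so only the exact entry "Code Signing" matches,
    # not "Microsoft Individual Code Signing" on its own.
    case ", $(ext_value 'X509v3 Extended Key Usage')," in
        *", Code Signing,"*) ;;
        *) echo "missing extendedKeyUsage codeSigning"; rc=1 ;;
    esac
    case "$(ext_value 'X509v3 Key Usage')" in
        *"Digital Signature"*) ;;
        *) echo "missing keyUsage digitalSignature"; rc=1 ;;
    esac
    case "$(ext_value 'X509v3 Basic Constraints')" in
        *CA:TRUE*) echo "leaf certificate is marked CA:TRUE"; rc=1 ;;
    esac
    return "$rc"
}

# Usage against the file produced above:
#   openssl x509 -in codesign.crt -noout -text | check_codesign_cert
```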

573 commented Sep 19, 2014

(Source for my changes: http://bit.do/SwCv) Replaces e.g. the makecert requirement here: http://bit.do/Sws3 (On Windows, double-click and follow the steps to import the private-key certificate (generated pfx file) into the correct storage)
