# -------------- In my case it was this location, change accordingly -----------
# I only show here the part of that file I changed
## [ v3_req ]
##
### Extensions to add to a certificate request
##
##basicConstraints = CA:FALSE
##keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_req ]
# Extensions to add to a certificate request
subjectKeyIdentifier=hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
nsCertType = client, email, objsign
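
# PowerShell: sign the profile script with codesign.pfx (produced by the openssl commands in this gist)
get-help Set-AuthenticodeSignature -detailed
get-help Set-ExecutionPolicy -detailed
# RemoteSigned: local scripts run unsigned, scripts downloaded from the internet must be signed
Set-ExecutionPolicy remotesigned
# Load the certificate and private key from the PFX (prompts for its password if it has one)
$cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
# -IncludeChain Signer embeds only the signing certificate, not the CA certificate
Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer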

# Git Bash: create the private CA (ca.key, ca.crt). Run this once
# Borrowed from http://bit.do/SwCv
openssl genrsa -des3 -out ca.key 4096
openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -x509 -days 365 -out ca.crt -key ca.key

# Run this for each code developer account. The system must install the CA cert and the resulting p12 file (codesign.pfx) in order to be happy.
# Borrowed from http://bit.do/SwCv
openssl genrsa -des3 -out codesign.key 4096
openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -out codesign.csr -key codesign.key -reqexts v3_req
# x509 -req does not copy the extensions requested in the CSR by default; the certificate gets the ones in ~/v3.cfg.
# A CA must not reuse a serial number: change -set_serial for every additional certificate.
openssl x509 -req -days 365 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile ~/v3.cfg -set_serial 01 -out codesign.crt
openssl pkcs12 -export -in codesign.crt -inkey codesign.key -out codesign.pfx

# ~/v3.cfg: the extension file passed to openssl x509 via -extfile
basicConstraints = CA:FALSE
subjectKeyIdentifier=hash
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
nsCertType = client, email, objsign
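
A check to run after issuing, as an added example that is not part of the original gist: `openssl x509 -req` does not copy extensions from the CSR by default, so the script below signs one CSR with and without `-extfile` and verifies which certificate ends up with the codeSigning EKU. The function names, temporary files and subjects (`Constructed Developer`, `Constructed Test CA`) are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not part of the gist. Subjects and file names are constructed.

# Succeeds only if CERT chains to CA, is not itself a CA, and has the codeSigning EKU.
check_codesign_cert() {
    cert=$1 ca=$2
    openssl verify -purpose any -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL $cert: does not chain to $ca"; return 1; }
    text=$(openssl x509 -in "$cert" -noout -text)
    if echo "$text" | grep -q 'CA:TRUE'; then
        echo "FAIL $cert: basicConstraints says CA:TRUE"; return 1
    fi
    echo "$text" | grep -A1 'X509v3 Extended Key Usage' |
        grep -Eq '(^ *|, )Code Signing' ||
        { echo "FAIL $cert: no codeSigning EKU"; return 1; }
    echo "OK $cert"
}

# Builds a throwaway CA in DIR and signs one CSR twice: without and with -extfile.
make_demo_certs() {
    d=$1
    cat > "$d/v3.cfg" <<'EOF'
basicConstraints = CA:FALSE
subjectKeyIdentifier=hash
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
nsCertType = client, email, objsign
EOF
    { printf '[ req ]\ndistinguished_name = dn\nprompt = no\n'
      printf '[ dn ]\nCN = Constructed Developer\n'
      printf '[ v3_ca ]\nbasicConstraints = CA:TRUE\n'
      printf '[ v3_req ]\n'; cat "$d/v3.cfg"; } > "$d/req.cnf"
    sed 's/Developer/Test CA/' "$d/req.cnf" > "$d/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -extensions v3_ca -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
        -reqexts v3_req -keyout "$d/cs.key" -out "$d/cs.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/cs.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -set_serial 01 -out "$d/bare.crt" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/cs.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -extfile "$d/v3.cfg" -set_serial 02 -out "$d/ext.crt" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo_certs "$demo_dir"
check_codesign_cert "$demo_dir/bare.crt" "$demo_dir/ca.crt" || true  # CSR extensions were dropped
check_codesign_cert "$demo_dir/ext.crt" "$demo_dir/ca.crt"
```

Against the real files from this gist the call is `check_codesign_cert codesign.crt ca.crt`, run before exporting codesign.pfx.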