@miracles1315
Last active December 20, 2018 11:04
This script creates a self-signed code signing certificate that can be used for testing purposes to sign scripts.
<#
.SYNOPSIS
This script creates a self-signed certificate, exports it, and re-imports it into the Trusted Root Certification Authorities store.
.DESCRIPTION
This script creates a self-signed code signing certificate, valid for one year from the date/time created, that can be used for testing purposes to sign scripts. After the certificate is created, the issuer is untrusted. So, the script then exports the certificate into a .cer file and re-imports it into the Trusted Root Certification Authorities store for the current user (i.e. Cert:\CurrentUser\Root).
.PARAMETER DnsName
Specify one, or more, DNS names to put into the subject alternative name (SAN) extension of the certificate. The first DNS name is also saved as the subject name, issuer name (i.e. Issued By), and common name (i.e. Issued To). Default is the local computer name (i.e. $Env:ComputerName). This parameter has aliases of SubjectAlternativeName and SAN.
.PARAMETER FileName
The .cer file you want to export the code signing certificate to.
.EXAMPLE
New-CodeSigningCertificate.ps1 -FileName C:\cert.cer -DnsName Server1
OR
PS C:\>New-CodeSigningCertificate.ps1 -FileName C:\cert.cer -SubjectAlternativeName Server1
OR
PS C:\>New-CodeSigningCertificate.ps1 -FileName C:\cert.cer -SAN Server1
Creates a self-signed code signing certificate with a common name, subject name, & issuer name of Server1 and exports the certificate into a file in the C:\ directory called cert.cer.
.EXAMPLE
New-CodeSigningCertificate.ps1 -FileName C:\cert.cer Server1,www.contoso.com
Creates a self-signed code signing certificate with Server1 and www.contoso.com as the SAN entries. Server1 is also listed as the common name (i.e Issued To), subject name, & issuer name. The certificate is exported into a file in the C:\ directory called cert.cer.
.EXAMPLE
New-CodeSigningCertificate.ps1 cert.cer
Creates a self-signed code signing certificate with a common name, subject name, & issuer name of the local computer name and exports the code signing certificate into a file called cert.cer, in the local directory.
.EXAMPLE
New-CodeSigningCertificate.ps1 cert.cer -Verbose
Creates a self-signed code signing certificate with a common name, subject name, & issuer name of the local computer name and exports the code signing certificate into a file called cert.cer, in the local directory, while showing verbose details of what the script is doing.
.INPUTS
File name & one, or more, DNS names (i.e. SAN entries).
.OUTPUTS
A .cer certificate file.
.NOTES
1. THIS CODE IS MADE AVAILABLE "AS IS", WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
2. When importing the certificate into the Trusted Root Certification Authorities store for the current user (i.e. Cert:\CurrentUser\Root), you will get a security warning pop-up that says something like the below. This is expected since doing so represents a security risk. Read the security warning message to understand the implications of installing the untrusted certificate.
Note: In order for the self-signed code signing certificate to work, you will need to click on the Yes button of the security warning prompt.
--Security Warning pop-up message:
You are about to install a certificate from a certification authority (CA) claiming to represent:
<The first name you specify for the -DnsName parameter>
Windows cannot validate that the certificate is actually from "<The first name you specify for the -DnsName parameter>".
You should confirm its origin by contacting "<The first name you specify for the -DnsName parameter>". The following number will assist you in this process:
Thumbprint (sha1): <Thumbprint of the self-signed code signing certificate that the script creates>
Warning:
If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click "Yes" you acknowledge this risk.
Do you want to install this certificate?
3. Once this script has completed, you will need to use the Set-AuthenticodeSignature cmdlet to sign your scripts. See the help information (i.e. Help Set-AuthenticodeSignature -Full) for full details, including examples.
.LINK
about_Signing
New-SelfSignedCertificate
Export-Certificate
Import-Certificate
Set-AuthenticodeSignature
Get-AuthenticodeSignature
#>
[CmdletBinding()]
param
(
[Parameter(Position = 1)]
[Alias("SubjectAlternativeName","SAN")]
#Specify one or more DNS names, in a comma-separated list, to put into the subject alternative name (SAN) extension of the certificate. The first DNS name is also saved as the Subject Name, Issuer Name, and Common Name (i.e. Issued To).
[string[]] $DnsName = $Env:ComputerName,
[parameter(Mandatory = $True,
Position = 0,
HelpMessage = "Specify the name of the .cer file to export the self-signed code signing certificate to.")]
[string] $FileName
)
#Create the self-signed code signing certificate that will be used to sign powershell scripts.
Write-Verbose "Creating the self-signed code signing certificate."
$CSCert = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation "Cert:\currentuser\My" -Type CodeSigningCert
#Export the certificate to the specified location/file.
Write-Verbose "Exporting the certificate."
Export-Certificate -Cert $CSCert -FilePath $FileName
Write-Verbose "Export complete."
#Import the certificate into the Trusted Root Certification Authorities store for the current user (i.e. Cert:\CurrentUser\Root)
Write-Verbose "Importing the certificate from $FileName into the Trusted Root Certification Authorities store for the current user (i.e. Cert:\CurrentUser\Root)."
Import-Certificate -FilePath $FileName -CertStoreLocation "Cert:\CurrentUser\Root"
Write-Verbose "Import complete."
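The follow-on step from note 3, as an added example that is not part of the gist: find the certificate the script created, sign a test script with it, verify the result with Get-AuthenticodeSignature, and remove the self-signed root again once testing is done. It assumes the script above was run with -DnsName TestSigner and that the script to sign is .\Hello.ps1 (both placeholders).

```powershell
# Added example, not part of the original gist.
# Assumptions (placeholders): the certificate was created with -DnsName TestSigner,
# and the script to sign is .\Hello.ps1.
$SubjectName = 'CN=TestSigner'
$ScriptPath  = '.\Hello.ps1'

# Locate the code signing certificate in the personal store (newest one if several).
$CSCert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -eq $SubjectName } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $CSCert) { throw "No code signing certificate with subject $SubjectName found in Cert:\CurrentUser\My." }

# Sign the script. SHA256 is the hash to use; SHA1 is the legacy default on older PowerShell versions.
$sig = Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $CSCert -HashAlgorithm SHA256
if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.Status) - $($sig.StatusMessage)" }

# Verify. Status is Valid only when the chain ends in a trusted root, i.e. when the
# import into Cert:\CurrentUser\Root above succeeded. Any edit to the signed file
# afterwards changes Status to HashMismatch.
$check = Get-AuthenticodeSignature -FilePath $ScriptPath
'{0}: {1} (signer thumbprint {2})' -f $ScriptPath, $check.Status, $check.SignerCertificate.Thumbprint

# Show exactly what was trusted: the root store entry with the signer's thumbprint.
Get-ChildItem -Path Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -eq $CSCert.Thumbprint } |
    Format-List Subject, Thumbprint, NotAfter

# Clean up when testing is finished: remove the self-signed root so the machine no
# longer trusts anything issued under it. Scripts signed with it then report
# UnknownError (chain terminates in an untrusted root) instead of Valid.
Remove-Item -Path "Cert:\CurrentUser\Root\$($CSCert.Thumbprint)"
```

Windows may show a confirmation dialog when the root entry is removed, just as it did when the certificate was imported.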
watersb commented Dec 20, 2018

THANK YOU!!!

I have been struggling with this all day. My primary skills are Linux and macOS; modern Windows SDK is a frustrating hill to climb. Oh man I am very glad you posted this.