16.3. Signed Scripts

Windows PowerShell provides two script-signing cmdlets, the set-authenticodesignature and get-authenticodesignature cmdlets. These enable you to sign scripts and to examine the signature of a script, respectively.

16.3.1. Creating a Certificate

To use the set-authenticodesignature and get-authenticodesignature cmdlets, you need to be able to create code-signing certificates on the machine. If you have access to a corporate code-signing certificate, you may prefer to use that to follow through this example. If you want to distribute signed scripts later, you will need a commercial code-signing certificate. The instructions provided here are based on the makecert.exe utility included in the .NET Framework 2.0 SDK, which comes with Visual Studio 2005.

Creating a certificate for Windows PowerShell using makecert.exe is a two-step process. First, navigate to the location in which you installed the makecert.exe utility and create a Windows PowerShell Local Certificate Root using the following command:

makecert -n "CN=Windows PowerShell Local Certificate Root" -a sha1 '
            -eku -r -sv root.pvk root.cer '
            -ss Root -sr localMachine

You will be prompted for a password in a separate window. Assuming that you typed the command correctly, you will see a Succeeded message similar to the one shown in Figure 16-8.

Figure 16.8. Figure 16-8

Next, you create ...

Get Professional Windows® PowerShell now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.