16.3. Signed Scripts
Windows PowerShell provides two script-signing cmdlets, the set-authenticodesignature and get-authenticodesignature cmdlets. These enable you to sign scripts and to examine the signature of a script, respectively.
16.3.1. Creating a Certificate
To use the set-authenticodesignature and get-authenticodesignature cmdlets, you need to be able to create code-signing certificates on the machine. If you have access to a corporate code-signing certificate, you may prefer to use that to follow through this example. If you want to distribute signed scripts later, you will need a commercial code-signing certificate. The instructions provided here are based on the makecert.exe utility included in the .NET Framework 2.0 SDK, which comes with Visual Studio 2005.
Creating a certificate for Windows PowerShell using makecert.exe is a two-step process. First, navigate to the location in which you installed the makecert.exe utility and create a Windows PowerShell Local Certificate Root using the following command:
makecert -n "CN=Windows PowerShell Local Certificate Root" -a sha1 ' -eku 220.127.116.11.18.104.22.168.3 -r -sv root.pvk root.cer ' -ss Root -sr localMachine
You will be prompted for a password in a separate window. Assuming that you typed the command correctly, you will see a Succeeded message similar to the one shown in Figure 16-8.
Figure 16.8. Figure 16-8
Next, you create ...