16.3. Signed Scripts

Windows PowerShell provides two script-signing cmdlets, the set-authenticodesignature and get-authenticodesignature cmdlets. These enable you to sign scripts and to examine the signature of a script, respectively.

16.3.1. Creating a Certificate

To use the set-authenticodesignature and get-authenticodesignature cmdlets, you need to be able to create code-signing certificates on the machine. If you have access to a corporate code-signing certificate, you may prefer to use that to follow through this example. If you want to distribute signed scripts later, you will need a commercial code-signing certificate. The instructions provided here are based on the makecert.exe utility included in the .NET Framework 2.0 SDK, which comes with Visual Studio 2005.

Creating a certificate for Windows PowerShell using makecert.exe is a two-step process. First, navigate to the location in which you installed the makecert.exe utility and create a Windows PowerShell Local Certificate Root using the following command:

makecert -n "CN=Windows PowerShell Local Certificate Root" -a sha1 `
            -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer `
            -ss Root -sr localMachine

You will be prompted for a password in a separate window. Assuming that you typed the command correctly, you will see a Succeeded message similar to the one shown in Figure 16-8.

Figure 16-8
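To check what the makecert command above placed in the machine store, and to see how existing scripts report under get-authenticodesignature, the following can be run from a Windows PowerShell prompt. It is an added example, not code from the book; the function names Get-LocalRootReport and Get-ScriptSignatureReport are hypothetical, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example (not from the book). Function names are hypothetical.
$rootSubject    = 'CN=Windows PowerShell Local Certificate Root'  # from makecert -n
$codeSigningOid = '1.3.6.1.5.5.7.3.3'                             # from makecert -eku

function Get-LocalRootReport {
    param(
        [string]$Subject,
        [string]$RequiredEku,
        [string]$StorePath = 'Cert:\LocalMachine\Root'  # -ss Root -sr localMachine
    )
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq $Subject } |
        ForEach-Object {
            $cert = $_
            # Collect the OIDs listed in the Enhanced Key Usage extension, if any.
            $ekuOids = @($cert.Extensions |
                Where-Object { $_ -is $ekuType } |
                ForEach-Object { $_.EnhancedKeyUsages } |
                ForEach-Object { $_.Value })
            [pscustomobject]@{
                Thumbprint         = $cert.Thumbprint
                SelfSigned         = ($cert.Subject -eq $cert.Issuer)   # expected with -r
                SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
                HasCodeSigningEku  = ($ekuOids -contains $RequiredEku)
                # -sv writes the private key to root.pvk, so the store entry
                # should not carry one.
                HasPrivateKey      = $cert.HasPrivateKey
                NotAfter           = $cert.NotAfter
            }
        }
}

function Get-ScriptSignatureReport {
    param([string]$Path = '.')
    # Status is a SignatureStatus value such as Valid, NotSigned,
    # HashMismatch or NotTrusted.
    Get-ChildItem -Path $Path -Filter *.ps1 |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Select-Object Path, Status,
            @{ Name = 'Signer'
               Expression = { if ($_.SignerCertificate) { $_.SignerCertificate.Subject } } }
}

Get-LocalRootReport -Subject $rootSubject -RequiredEku $codeSigningOid | Format-List
Get-ScriptSignatureReport -Path . | Format-Table -AutoSize
```

More than one row from Get-LocalRootReport means the makecert command was run more than once and several roots with the same subject are now trusted on the machine.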

Next, you create ...
