Creating a Self Signed Certificate for PowerShell

28 Apr 2015

When signing a PowerShell script you need to have a code signing certificate.  If you do not have a Certificate Authority or access to a suitable certificate you can create your own self signed certifcate.

There is a PowerShell utility that will create your own self signed certificate that you can use to sign PowerShel scripts.

This works as a replacement for MakeCert.  The problem that I found with this is that after I created a certificate for code signing:

New-SelfsignedCertificateEx-Subject$Subject-EKU"Code Signing"-KeySpec"Signature"-KeyUsage"DigitalSignature"-FriendlyName$FriendlyName-NotAfter( [DateTime]::Now.AddYears(5)) -StoreNameCertificateAuthority

It will not work as it is not assosciated with a trusted root certificate.  To overcome this I moved the certificate to the Root container in the Cert: store:


Once I had done this I was able to use the certificate to sign my PowerShell scripts.

You will notice that to identify the certificate I wanted to move, I needed its thumbprint.  This can be obtained with: