Creating a Self Signed Certificate for PowerShell

28 Apr 2015

When signing a PowerShell script you need to have a code signing certificate. If you do not have a Certificate Authority or access to a suitable certificate, you can create your own self-signed certificate.

There is a PowerShell utility that will create your own self-signed certificate that you can use to sign PowerShell scripts:

https://gallery.technet.microsoft.com/scriptcenter/Self-signed-certificate-5920a7c6

This works as a replacement for MakeCert.  The problem that I found with this is that after I created a certificate for code signing:

New-SelfsignedCertificateEx -Subject $Subject -EKU "Code Signing" -KeySpec "Signature" -KeyUsage "DigitalSignature" -FriendlyName $FriendlyName -NotAfter ([DateTime]::Now.AddYears(5)) -StoreName CertificateAuthority

It will not work as it is not associated with a trusted root certificate. To overcome this I moved the certificate to the Root container in the Cert: store:

Move-Item -Path Cert:\CurrentUser\My\9C787C45F4B5291380BEFF16B34CE4EFAB2EDFFE -Destination Cert:\CurrentUser\Root

Once I had done this I was able to use the certificate to sign my PowerShell scripts.

You will notice that to identify the certificate I wanted to move, I needed its thumbprint.  This can be obtained with:

(dir Cert:\CurrentUser\Root -Recurse -CodeSigningCert)[0].Thumbprint
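
The signing step itself, as an added example that is not part of the original post: it selects the certificate by exact thumbprint rather than by index [0], signs a script, and reads the signature back so that the untrusted-root condition described above shows up as a non-Valid status. The function name Invoke-LocalScriptSigning and the file name MyScript.ps1 are hypothetical; the stores searched are the two the post mentions.

```powershell
# Added example, not the post author's code. Invoke-LocalScriptSigning is a hypothetical name.
function Invoke-LocalScriptSigning {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        [Parameter(Mandatory)] [string] $Thumbprint
    )

    # Look in both stores the post mentions and match the exact thumbprint,
    # so a different code signing certificate is never picked up by accident.
    $cert = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store -CodeSigningCert |
            Where-Object { $_.Thumbprint -eq $Thumbprint }
    }
    $cert = $cert | Select-Object -First 1

    if (-not $cert) {
        throw "No code signing certificate with thumbprint $Thumbprint was found."
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key and cannot sign."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $Thumbprint expired on $($cert.NotAfter)."
    }

    # Sign, then re-read the signature from the file on disk.
    Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert | Out-Null
    $sig = Get-AuthenticodeSignature -FilePath $ScriptPath

    # A self-signed certificate that does not chain to a trusted root
    # yields a status other than 'Valid' (typically 'UnknownError').
    if ($sig.Status -ne 'Valid') {
        throw "Signature on $ScriptPath is $($sig.Status): $($sig.StatusMessage)"
    }

    [pscustomobject]@{
        Path       = $sig.Path
        Status     = $sig.Status
        Thumbprint = $sig.SignerCertificate.Thumbprint
        Subject    = $sig.SignerCertificate.Subject
    }
}

# Usage, with the thumbprint shown in the post and a hypothetical script file:
# Invoke-LocalScriptSigning -ScriptPath .\MyScript.ps1 -Thumbprint 9C787C45F4B5291380BEFF16B34CE4EFAB2EDFFE
```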