8

I can't seem to get my scripts to sign in PowerShell. I have a valid code signing cert installed on my machine and run the following commands. Any suggestions?

PS C:\Users\u00\bin> $cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0] PS C:\Users\u00\bin> $cert | fl Subject : [email protected], CN=contoso , OU=Operations, O=contoso, L=Mayberry, S=Florida, C=US Issuer : CN=contoso Intermediate CA1, DC=contoso, DC=com Thumbprint : XXXXXXXXXXXXXXXXXXXXX FriendlyName : contoso NotBefore : 7/20/2010 12:58:55 AM NotAfter : 7/20/2011 12:58:55 AM Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oi ystem.Security.Cryptography.Oid...} PS C:\Users\u00\bin> Set-AuthenticodeSignature .\testsign.ps1 -Certificate $cert Directory: C:\Users\u00\bin SignerCertificate Status Path ----------------- ------ ---- UnknownError testsign.ps1 PS C:\Users\u00\bin> Get-AuthenticodeSignature .\testsign.ps1 Directory: C:\Users\u00\bin SignerCertificate Status Path ----------------- ------ ---- NotSigned testsign.ps1
Improve this question
3
  • Good to know. I was taking a look at your question because I can't sign my scripts either, without being an Administrator on the PC. I asked about it here: superuser.com/questions/174878/… Commented Aug 12, 2010 at 22:43
  • 4
    Good question and thanks for posting back the answer. You should go ahead and post your edit in the answer section and then after the timeout mark it as correct so people can more clearly see this question has been answered. Commented Nov 9, 2010 at 14:52
  • I had a similar issue trying to use Subversion when editing scripts in the ISE. Subversion complained that the files saved by the ISE were 'binary mime-type' and wouldn't add them to the repository. I've posted a smoother workaround to the Notepad.exe approach in my answer below. Commented Feb 1, 2011 at 10:23

2 Answers 2

Reset to default
4

Figured it out. The script file was created using PowerShell ISE and apparently you can't sign scripts created in PowerShell ISE or more accurately you can't sign Unicode Big Endian encoded files which is the default for ISE. There's workaround to change the default encoding as documented in link.

Originally added to question by Chad Miller. Relocated his update to an answer so this question no longer shows up as unanswered.

Improve this answer
2
  • Good to know - that Unicode file encoding issue has bitten me elsewhere (a badly written XML parser). Commented Dec 8, 2010 at 3:22
  • And me the other day when writing a script to export MS-DHCP leases for BIND DHCP. Unicode again. Commented Dec 8, 2010 at 6:11
3

You can save a file as a specific encoding from within the Powershell ISE with the .Save() method of the ISEFile object:

 $psIse.CurrentFile.Save([System.Text.Encoding]::UTF8)

If you add the following to your ISE profile you can just hit Ctrl-Shift-S to get a different default encoding for your scripts:

$psISE.CurrentPowerShellTab.AddOnsMenu.SubMenus.Add("_Save as UTF8",{$psIse.CurrentFile.Save([System.Text.Encoding]::UTF8)},"Ctrl+Shift+S")

Here's some quickie code to create your profile if it doesn't exist and add the menu. Run this code from within the ISE or you'll just add junk to your ConsoleHost profile where it will just error out:

add-content $profile -value '$psISE.CurrentPowerShellTab.AddOnsMenu.SubMenus.Add("_Save as UTF8",{$psIse.CurrentFile.Save([System.Text.Encoding]::UTF8)},"Ctrl+Shift+S")'
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.