Powershell Signature Certificate - kamack38/Essentials GitHub Wiki

Variables

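# Placeholder values used by the commands on this page - replace them before running.
$email = 'example@domain'          # becomes the E= field of the certificate subject
$name = 'John Smith'               # becomes the CN= field of the certificate subject
$friendlyName = 'yourFriendyName'  # label used to find the certificate again in the store
$length = 3 # (years) validity period, added to today's date for -NotAfter
# The signing and verification commands read $fileToSign, so define it here with the
# other inputs instead of leaving it unset.
$fileToSign = 'C:\path\to\script.ps1'  # placeholder: full path of the file to sign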

Creating certificate

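# Create a self-signed code-signing certificate.
# A self-signed certificate is only trusted on machines where it has been installed
# as trusted, so it suits your own machines and testing rather than distribution.
$certParams = @{
    Subject           = "E=$email,CN=$name"
    # EKU extension (2.5.29.37) restricted to Code Signing (1.3.6.1.5.5.7.3.3).
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.3')
    # Limit the key to signing; it is not needed for key encipherment.
    KeyUsage          = 'DigitalSignature'
    KeyAlgorithm      = 'RSA'
    KeyLength         = 2048
    FriendlyName      = $friendlyName
    NotAfter          = (Get-Date).AddYears($length)
    # Pin the target store: the lookup commands on this page read
    # Cert:\CurrentUser\My, so the certificate has to be created there.
    CertStoreLocation = 'Cert:\CurrentUser\My'
}
New-SelfSignedCertificate @certParams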

Signing File

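# Select one code-signing certificate from the current user's personal store and
# sign the file with it. Set-AuthenticodeSignature needs a single certificate, so
# the selection is always narrowed to one entry that can actually sign
# (has a private key, not expired).

# Use this if you have more than one codesigning certificate:
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.FriendlyName -like "$friendlyName" -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

# Otherwise you can use this instead. It is commented out because running both
# assignments would silently replace the certificate chosen by friendly name.
# $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1

# Stop here rather than passing an empty value to the signing cmdlet.
if (-not $cert) {
    throw 'No usable code-signing certificate found in Cert:\CurrentUser\My'
}

# SHA256 is requested explicitly so the digest does not depend on the host's default.
# Consider adding -TimestampServer <timestamp-server-url>: without a timestamp the
# signature stops validating once the certificate expires.
Set-AuthenticodeSignature -Certificate $cert -FilePath $fileToSign -HashAlgorithm SHA256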

Checking Signature

# Inspect the signature on the signed file. Check the Status property of the result:
# 'Valid' means the hash matches and the signer chains to a trusted root;
# 'HashMismatch' means the file changed after signing; 'NotSigned' means no signature.
# A self-signed certificate that is not installed as trusted reports 'UnknownError'.
Get-AuthenticodeSignature -FilePath:"$fileToSign"

Export PFX certificate

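# Export the certificate together with its private key to a password-protected PFX.
# Anyone holding this file and its password can sign code as you, so the password is
# prompted for instead of being written into the script as a short literal.
$mypwd = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString

# $cert is the certificate selected in the signing step; it is passed directly
# because Get-ChildItem -Path expects a provider path, not a certificate object.
# Keep the resulting file in a location only you can read and remove it once it has
# been transferred or backed up.
Export-PfxCertificate -Cert $cert -FilePath C:\mypfx.pfx -Password $mypwd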

Export to .cer

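# Export only the public certificate (no private key) to a .cer file. This is the
# file to hand to machines that need to verify your signatures.
# $cert is the certificate selected in the signing step; it is passed directly
# because Get-ChildItem -Path expects a provider path, not a certificate object.
# NOTE(review): the c:\certs folder presumably has to exist already - confirm.
Export-Certificate -Cert $cert -FilePath c:\certs\user.cer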

Import PFX certificate

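# Import the PFX written by the export step. The password is prompted for instead of
# being stored in the script.
$mypwd = Read-Host -Prompt 'Password of the PFX' -AsSecureString

# -FilePath must be the PFX file itself (C:\mypfx.pfx from the export step), not the
# certificate object held in $cert.
# NOTE(review): Cert:\CurrentUser\Root makes this self-signed certificate a trusted
# root for the current user and also places its private key on this machine. On
# machines that only need to verify signatures, import the public .cer with
# Import-Certificate instead and keep the PFX on the signing machine only.
Import-PfxCertificate -FilePath C:\mypfx.pfx -CertStoreLocation Cert:\CurrentUser\Root -Password $mypwd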