PowerShell for Windows Admins

Jul 25 2015   7:44AM GMT

Self signed certificates for testing

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Tags:
Powershell

A question on the forum

http://powershell.org/wp/forums/topic/cannot-add-digital-signature-to-my-script/#post-27883

indicated a problem when using a self signed certificate for testing code signing.

According to the about_signing help file

CREATE A SELF-SIGNED CERTIFICATE
——————————–
To create a self-signed certificate in use the New-SelfSignedCertificate
cmdlet in the PKI module. This module is introduced in Windows PowerShell
3.0 and is included in Windows 8 and Windows Server 2012. For more
information, see the help topic for the New-SelfSignedCertificate cmdlet.

To create a self-signed certificate in earlier versions of Windows, use
the Certificate Creation tool (MakeCert.exe). This  tool is included in
the Microsoft .NET Framework SDK (versions 1.1 and later) and in the
Microsoft Windows SDK.

However the cert produced by New-SelfSifgnedCertificate only appears to function as a SSL self signed cert. It isn’t accepted as a code signing cert.

You can still get the makecert utility for Windows 8.1 from

https://msdn.microsoft.com/en-gb/windows/desktop/bg162891.aspx

and Windows 8 from

https://msdn.microsoft.com/en-us/library/windows/desktop/hh852363.aspx

The makecert utility can be found in

C:\Program Files (x86)\Windows Kits\8.1\bin\x64
or

C:\Program Files (x86)\Windows Kits\8.1\bin\x86

for the 64 & 32bit versions respectively

While you shouldn’t use self-signed certs for production they are useful for testing. My recommendation is to use the makecert utility rather than the PKI cmdlet

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: