Create a self signed certificate on Win10 and PS5.1
The cmdlet generates an ssl cert for testing purposes. Unlike makecert this cannot be used to sign a driver or an application code.
Get-Command -Module PKI
New-SelfSignedCertificate -DnsName test.vmlab.local -CertStoreLocation cert:\LocalMachine\My -Type CodeSigningCert
View the Cert:
cd cert:
dir
cd localmachine
dir
cd my
(This can also be viewed in the certificates MMC SnapIn)
Export the generated cert as a PFX file with a password. Copy thumbprint from output of above commands
$CertPassword = ConvertTo-SecureString – String “YourPassword” -Force -AsPlainText
Export-PfxCertificate -Cert cert:\LocalMachine\My\ThumbprintCode -FilePath C:\test.pfx -Password $CertPassword
The certificate public key can be exported as follows:
Export-Certificate -Cert Cert:\LocalMachine\My\ThumbprintCode -FilePath C:\tstcert.cer
Import the above certificate in MMC\Certificate store under Trusted Root Certification\Certificates
Set the variable for the cert path:
$cert = (Get-ChildItem cert:\localmachine\my -codesigningCert)[0]
Sign the script with the following:
Set-AuthenticodeSignature -Certificate $cert -FilePath .\PathToScript.ps1
The output should give a status of valid. You can now run the script.
Notes:
List of profile paths: $profile | Format-List * -Force
Get-ExecutionPolicy -List
delete cert: del cert:\localmachine\my\Thumbprint
Links:
http://woshub.com/how-to-create-self-signed-certificate-with-powershell/
https://www.petri.com/create-self-signed-certificate-using-powershell
How to make a cert: https://powershell.org/forums/topic/ca-and-code-signing-scripts-in-ps-core-6-1/
https://blogs.technet.microsoft.com/heyscriptingguy/2012/05/21/understanding-the-six-powershell-profiles/
Carbon PowerShell Gallery – https://www.powershellgallery.com/packages/Carbon/2.5.4