9

I am using Windows 7 and want to run signed scripts from PowerShell. The security settings of PowerShell are set to "all-signed", and my scripts are signed with a valid certificate from my company. I have also added the .pfx file to my local certificate store (right-clicked the .pfx file and installed it).

However, when I start a signed script, I get a message that says:

"Do you want to run software from this untrusted publisher?
File Z:\Powershell Signed Scripts\signed.ps1 is published by CN=[MyCompanyName] and is not trusted on your system. Only run scripts from trusted publishers.
[V] Never run  [D] Do not run  [R] Run once  [A] Always run  [?] Help
(default is "D"):"

Since I want to automatically call these scripts on my systems, I would like to add my imported certificate to the trusted list on my system, so that I do not get a message anymore when I run a signed script for the first time. How can I make my certificate a trusted one?

Abhishek bhutra
Erik
  • Are you sure that the public certificate of the certification authority that issued your development certificate exists in your certificate repository? – JPBlanc Jan 11 '12 at 13:56

2 Answers

11

How to trust a certificate in Windows PowerShell

Indeed, you can do this without any mmc :)

First, check the location of your personal certificate, named for example "Power":

```powershell
Get-ChildItem -Recurse cert:\CurrentUser\ | where {$_ -Match "Power"} | Select PSParentPath,Subject,Issuer,HasPrivateKey | ft -AutoSize
```

(This one should be empty:)

```powershell
gci cert:\CurrentUser\TrustedPublisher
```

Build the command with the path to your certificate:

```powershell
$cert = Get-ChildItem Certificate::CurrentUser\My\ABLALAH
```

Next, work on the certificate store (here I work on two certificate stores: user & computer):

```powershell
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher","LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()
```

Check; you should find your certificate:

```powershell
ls cert:\CurrentUser\TrustedPublisher
```
Michael Blake
  • 3
    In your example to store the certificate, you are using `"TrustedPublisher","LocalMachine"`, which is only accessible with Administrator privileges. In the next lines you are referring to `CurrentUser\TrustedPublisher`, which is accessible by users. Thus I would suggest changing `"LocalMachine"` to `"CurrentUser"` so that it becomes a full working example. – Florian Feldhaus Feb 03 '17 at 07:15
  • That ls command!!! Yes!!! So glad you showed that in your answer. Super helpful. – raddevus Jan 24 '23 at 21:00
2

Sounds like you need to verify that the script is signed properly and that you have the correct certificate installed in the correct certificate store.

Use the Get-AuthenticodeSignature cmdlet to get information about the signed script.

Also review Scott's guide for signing certificates.

Shay Levy
Andy Arismendi
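The checks discussed in the two answers above (signature status, whether the signer chains to a trusted root, and which `TrustedPublisher` store holds the signer), combined into one read-only diagnostic. This is an added example, not code from either answer; the function name `Test-ScriptPublisherTrust` is hypothetical, and revocation checking is turned off on the assumption that the machine may be offline.

```powershell
# Added example: read-only diagnostic, changes nothing in any certificate store.
function Test-ScriptPublisherTrust {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate
    $report = New-Object PSObject -Property @{
        Path = $Path; Status = $sig.Status; StatusMessage = $sig.StatusMessage
        Subject = $null; Thumbprint = $null; ChainBuilds = $null
        InCurrentUser = $null; InLocalMachine = $null
    }
    # No signer certificate: the file is unsigned or the signature is unreadable.
    if ($null -eq $signer) { return $report }

    $report.Subject    = $signer.Subject
    $report.Thumbprint = $signer.Thumbprint

    # Does the signer chain to a root CA this machine trusts?
    # Assumption: revocation lookups are skipped so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $report.ChainBuilds = $chain.Build($signer)

    # Look for the signer (by thumbprint) in both TrustedPublisher stores.
    foreach ($location in 'CurrentUser', 'LocalMachine') {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'TrustedPublisher', $location
        $store.Open('ReadOnly')
        try {
            $hits = $store.Certificates.Find('FindByThumbprint', $signer.Thumbprint, $false)
            $report."In$location" = ($hits.Count -gt 0)
        } finally {
            $store.Close()
        }
    }
    return $report
}

# Path taken from the question; replace with your own script.
Test-ScriptPublisherTrust -Path 'Z:\Powershell Signed Scripts\signed.ps1' |
    Format-List Path, Status, StatusMessage, Subject, Thumbprint,
                ChainBuilds, InCurrentUser, InLocalMachine
```

A valid signature whose chain builds, with `InCurrentUser` and `InLocalMachine` both `False`, matches the prompt in the question: the script is correctly signed, but the signing certificate is not yet in a `TrustedPublisher` store.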