Set-AuthenticodeSignature - Powershell 1.0 CmdLet

Microsoft Windows PowerShell is a command-line shell and scripting tool based on the Microsoft .NET Framework. It is designed for system administrators, engineers and developers to control and automate the administration of Windows and applications.

More than a hundred command-line tools (so-called "cmdlets") can be used to perform system administration tasks and Windows Management Instrumentation (WMI). These cmdlets are easy to use, with standard naming conventions and common parameters, and standard tools for piping, sorting, filtering, and formatting data and objects.


Place a signature in a .ps1 script or other file


   -filePath path
       The path to a file that is being signed. {may be piped}

   -certificate X509Certificate2
       The certificate that will be used to sign the script/file.
       (use an expression or variable that gets the certificate via
       Get-PfxCertificate or Get-ChildItem)

   -includeChain string
       What should be included in the digital signature:
        "Signer" : Include only the signer's certificate.
        "NotRoot": Include all of the certificates in the certificate chain,
                   except for the root authority. (this is the default)
        "All"    : Include all certificates in the certificate chain.

   -timeStampServer string
       Use a timestamp server to certify the time that the certificate
       was added to the file. string = the URL of the timestamp server.

   -force
       Override restrictions that prevent the command from succeeding, apart
       from security settings. e.g. -force will override a file's read-only
       attribute, but will not change file permissions.

   -whatIf
       Describe what would happen if you executed the command without actually
       executing the command.

   -confirm
       Prompt for confirmation before executing the command.

   CommonParameters:
       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutVariable.

Retrieve a code-signing certificate from the certificate provider and use it to sign a PowerShell script:

PS C:\>$cert=Get-ChildItem -Path cert:\CurrentUser\my -CodeSigningCert
PS C:\>Set-AuthenticodeSignature PsTest.ps1 -cert $cert

Load a code-signing certificate from a .pfx file and use it to sign a PowerShell script:

PS C:\>$cert = Get-PfxCertificate C:\Test\Mysign.pfx
PS C:\>Set-AuthenticodeSignature -Filepath C:\myscript.ps1 -Cert $cert

Add a digital signature signed by a third-party timestamp server:

PS C:\>Set-AuthenticodeSignature -filepath c:\myscript.ps1 -cert $cert -TimeStampServer ""
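
The steps from the examples above (pick a certificate, sign, optionally timestamp) combined with a verification pass, as an added example that is not part of the original reference page. Add-CheckedSignature is a hypothetical helper name, and the timestamp URL in the usage comment is a placeholder to replace with your own service.

```powershell
# Added example, not from the original page. Add-CheckedSignature is a
# hypothetical helper name; the timestamp URL is supplied by the caller.
function Add-CheckedSignature {
    param(
        [string]$FilePath,
        [string]$TimestampUrl
    )

    # -CodeSigningCert may return several certificates. Keep only those that
    # are inside their validity period and have a private key, then take the
    # one that expires last so exactly one certificate is passed on.
    $now  = Get-Date
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw 'No usable code-signing certificate found in Cert:\CurrentUser\My.'
    }

    if ($TimestampUrl) {
        $null = Set-AuthenticodeSignature -FilePath $FilePath -Certificate $cert `
            -IncludeChain NotRoot -TimestampServer $TimestampUrl -ErrorAction Stop
    } else {
        $null = Set-AuthenticodeSignature -FilePath $FilePath -Certificate $cert `
            -IncludeChain NotRoot -ErrorAction Stop
    }

    # Re-read the signature from disk instead of trusting the signing call.
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    if ($sig.Status -ne 'Valid') {
        throw "Signature on $FilePath is $($sig.Status): $($sig.StatusMessage)"
    }
    if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
        throw "File $FilePath is signed by an unexpected certificate."
    }
    if ($TimestampUrl -and -not $sig.TimeStamperCertificate) {
        throw "No timestamp countersignature was applied to $FilePath."
    }
    $sig   # return the verified Signature object
}

# Constructed usage; the URL is a placeholder, not a real service:
# Add-CheckedSignature -FilePath C:\myscript.ps1 -TimestampUrl 'http://timestamp.example.invalid'
```

A status other than Valid (for example when the signing certificate does not chain to a trusted root on this machine) is surfaced with the StatusMessage text rather than silently accepted.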