通过Set-AuthenticodeSignature

时间:2015-11-04 17:37:58

标签: powershell certificate powershell-v3.0

我已从我们的可信CA获得代码签名证书。我试图在PowerShell ISE中签署一个脚本但是得到了#34; UnknownError。"我已经尝试将脚本编码为UTF-8,但我仍然得到相同的错误。我已经验证脚本也是UTF-8。

$cert=(dir cert:currentuser\my\ -CodeSigningCert)
Set-AuthenticodeSignature C:\Scripts\Certtestnew.ps1 $cert

即使我得到了#34; UnknownError",它似乎仍然会签署脚本。虽然,当我运行脚本时,我收到"文件C:\ Scripts \ Certtestnew.ps1的内容可能已被篡改,因为哈希 文件与存储在数字签名中的哈希不匹配。"

更新 $ cert info:

PSPath : Microsoft.PowerShell.Security\Certificate::currentuser\my\FDCD31216C3491C2809441344EE6EF5E01EB0550
PSParentPath : Microsoft.PowerShell.Security\Certificate::currentuser\my
PSChildName : FDCD31216C3491C2809441344EE6EF5E01EB0550
PSDrive : Cert
PSProvider : Microsoft.PowerShell.Security\Certificate
PSIsContainer : False
EnhancedKeyUsageList : {}
DnsNameList : {}
SendAsTrustedIssuer : False
Archived : False
Extensions : {System.Security.Cryptography.Oid,System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...;}
FriendlyName :
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
 NotAfter : 10/29/2016 4:05:37 PM
NotBefore : 10/29/2015 3:45:37 PM
HasPrivateKey : True
PrivateKey :
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 225...;}
SerialNumber : 60A14A915A0FAFA12311B0998F5892C9
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : FDCD31216C3491C2809441344EE6EF5E01EB0550
Version : 3
Handle : 578311520
Issuer : CN=USER OU=Admin, OU=Admin and Service Accounts, DC=domoain
Subject : CN=USER, OU=Admin, OU=Admin and Service Accounts, DC=domain

1 个答案:

答案 0 :(得分:0)

我刚看了一下我的域代码签名证书,它的<span>属性下列出了PrivateKey属性和Code Signing

EnhancedKeyUsageList

这导致我查询您的证书是否对代码签名有效。您可能希望重新访问您的证书请求并确保。

$ error在崩溃后包含什么?