Question

我已从我们的可信CA获得代码签名证书。我试图在PowerShell ISE中签署一个脚本但是得到了＃34; UnknownError。＆＃34;我已经尝试将脚本编码为UTF-8，但我仍然得到相同的错误。我已经验证脚本也是UTF-8。

$cert=(dir cert:currentuser\my\ -CodeSigningCert)
Set-AuthenticodeSignature C:\Scripts\Certtestnew.ps1 $cert

即使我得到了＃34; UnknownError＆＃34;，它似乎仍然会签署脚本。虽然，当我运行脚本时，我收到＆＃34;文件C：\ Scripts \ Certtestnew.ps1的内容可能已被篡改，因为哈希文件与存储在数字签名中的哈希不匹配。＆＃34;

更新 $ cert info：

PSPath : Microsoft.PowerShell.Security\Certificate::currentuser\my\FDCD31216C3491C2809441344EE6EF5E01EB0550
PSParentPath : Microsoft.PowerShell.Security\Certificate::currentuser\my
PSChildName : FDCD31216C3491C2809441344EE6EF5E01EB0550
PSDrive : Cert
PSProvider : Microsoft.PowerShell.Security\Certificate
PSIsContainer : False
EnhancedKeyUsageList : {}
DnsNameList : {}
SendAsTrustedIssuer : False
Archived : False
Extensions : {System.Security.Cryptography.Oid,System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...;}
FriendlyName :
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
 NotAfter : 10/29/2016 4:05:37 PM
NotBefore : 10/29/2015 3:45:37 PM
HasPrivateKey : True
PrivateKey :
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 225...;}
SerialNumber : 60A14A915A0FAFA12311B0998F5892C9
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : FDCD31216C3491C2809441344EE6EF5E01EB0550
Version : 3
Handle : 578311520
Issuer : CN=USER OU=Admin, OU=Admin and Service Accounts, DC=domoain
Subject : CN=USER, OU=Admin, OU=Admin and Service Accounts, DC=domain

Answer 1

我刚看了一下我的域代码签名证书，它的<span>属性下列出了PrivateKey属性和Code Signing：

EnhancedKeyUsageList

这导致我查询您的证书是否对代码签名有效。您可能希望重新访问您的证书请求并确保。

$ error在崩溃后包含什么？

通过Set-AuthenticodeSignature

1 个答案: