Self signed certificates for testing

A question on the forum (http://powershell.org/wp/forums/topic/cannot-add-digital-signature-to-my-script/#post-27883) indicated a problem when using a self-signed certificate for testing code signing.

According to the about_signing help file:

CREATE A SELF-SIGNED CERTIFICATE
--------------------------------
    To create a self-signed certificate in use the New-SelfSignedCertificate
    cmdlet in the PKI module. This module is introduced in Windows PowerShell
    3.0 and is included in Windows 8 and Windows Server 2012. For more
    information, see the help topic for the New-SelfSignedCertificate cmdlet.

    To create a self-signed certificate in earlier versions of Windows, use
    the Certificate Creation tool (MakeCert.exe). This  tool is included in
    the Microsoft .NET Framework SDK (versions 1.1 and later) and in the
    Microsoft Windows SDK.

 

However, the cert produced by New-SelfSignedCertificate only appears to function as an SSL self-signed cert. It isn't accepted as a code signing cert.

You can still get the makecert utility for Windows 8.1 from

https://msdn.microsoft.com/en-gb/windows/desktop/bg162891.aspx

and for Windows 8 from

https://msdn.microsoft.com/en-us/library/windows/desktop/hh852363.aspx

The makecert utility can be found in

C:\Program Files (x86)\Windows Kits\8.1\bin\x64

or

C:\Program Files (x86)\Windows Kits\8.1\bin\x86

for the 64-bit and 32-bit versions respectively.

While you shouldn't use self-signed certs for production, they are useful for testing. My recommendation is to use the makecert utility rather than the PKI cmdlet.
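The following PowerShell is an added example, not code from the original post. It reports which certificates in the personal store carry the Code Signing enhanced key usage, then creates a test code signing cert with makecert and signs a script with it. The subject names, the file names root.pvk, root.cer and SignTest.ps1, and the use of the x64 makecert path are assumptions.

```powershell
# Added example. Subject names, file names and the x64 path choice are assumptions.
$makecert       = 'C:\Program Files (x86)\Windows Kits\8.1\bin\x64\makecert.exe'
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Enhanced Key Usage: Code Signing

function Test-CodeSigningCert {
    # $true when the cert has a private key and its Enhanced Key Usage
    # extension lists the Code Signing OID.
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $oids = foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }
    return ($Certificate.HasPrivateKey -and (@($oids) -contains $codeSigningOid))
}

# Show which certs in the personal store can sign code. A cert issued only
# for SSL (server authentication) reports CodeSigning = False.
Get-ChildItem Cert:\CurrentUser\My |
    Select-Object Subject, Thumbprint,
        @{ Name = 'CodeSigning'; Expression = { Test-CodeSigningCert $_ } }

# Create a local test root, then a code signing cert issued by it.
# The flags follow the commands in about_Signing, with sha256 in place of sha1.
# Run elevated (the root goes into the LocalMachine Root store); makecert
# prompts for a password protecting root.pvk.
& $makecert -n 'CN=PowerShell Local Certificate Root' -a sha256 `
    -eku $codeSigningOid -r -sv root.pvk root.cer -ss Root -sr localMachine
& $makecert -pe -n 'CN=PowerShell User' -ss MY -a sha256 `
    -eku $codeSigningOid -iv root.pvk -ic root.cer

# Pick up the new cert; -CodeSigningCert returns only certs usable for signing.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -eq 'CN=PowerShell User' } |
    Select-Object -First 1
if (-not $cert) { throw 'No code signing cert for CN=PowerShell User found.' }

# Sign a throwaway script and fail loudly if the signature is not valid.
Set-Content -Path .\SignTest.ps1 -Value 'Write-Output "signed test script"'
$sig = Set-AuthenticodeSignature -FilePath .\SignTest.ps1 -Certificate $cert
if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.StatusMessage)" }
$sig | Format-List Path, Status, StatusMessage
```

When testing is finished, remove the test root from the LocalMachine Root store and delete root.pvk, because anything signed under that root is trusted on the machine while it stays installed.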
