SimpleLapsGui icon indicating copy to clipboard operation
SimpleLapsGui copied to clipboard
verified publisher icon htcfreek

Code signing for exe and Powershell

Open htcfreek opened this issue 2 years ago • 1 comments

https://stackoverflow.com/questions/49471996/sign-powershell-script-with-cert-from-easy-rsa

htcfreek avatar Apr 27 '23 08:04 htcfreek

Hello. I'd like to help with this if I can. I've been signing PowerShell scripts and EXEs (including AutoIt) for a while and here's how I'm doing it.

  1. Install the Windows Software Development Kit (I usually use the latest version) and select the MSI Tools and Windows SDK Signing Tools for Desktop Apps features.

  2. Obtain and install a code signing certificate. On Windows it should install in the current user personal store.

  3. For AutoIt scripts add this line to the wrapper directives at the top. This will sign the executable after it's compiled/built. #AutoIt3Wrapper_Run_After=""<path_to_signtool.exe>" sign /a /fd sha256 /td sha256 /tr http://timestamp.digicert.com "%out%""

  4. For PowerShell scripts you can either run these commands individually or put them in a script: $Cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert -Recurse | ? { $_.NotAfter -gt (Get-Date) } $timeStampSvr = "http://timestamp.digicert.com" Set-AuthenticodeSignature -FilePath <path_to_script> -Certificate $Cert -IncludeChain "All" -TimeStampServer $timeStampSvr -HashAlgorithm SHA256

Let me know if I can be any help.

johnny-patton avatar Feb 14 '25 13:02 johnny-patton