[HOWTO] Sign PowerShell Script with SuisseID

We at d-fens all have a SuisseID, which can be used for different purposes such as authentication and electronic signing. It is also possible to sign code with the SuisseID. The advantages of using the SuisseID for code signing are that it is very cheap in comparison to other code signing certificates and that the user gets authenticated personally. The following section describes the necessary steps to sign a PowerShell script on Windows by using your SuisseID.

To sign code with your SuisseID using PowerShell, your SuisseID has to be installed on your computer and also has to be connected to it.

  1. Open the Microsoft Management Console (mmc.exe)
  2. Press Ctrl + m
  3. Add Certificates to the Selected snap-ins
  4. In the pop-up, select My User Account
  5. Open the certificates tree and navigate to Personal\Certificates
  6. Select the SuisseId Qualified Signature certificate (Issued by SwissSign Qualified Platinum CA 2010 - G2)
  7. Right click -> Properties
  8. In the General tab, select the radio button Enable only the following purposes
  9. Apply
  10. Open a new PowerShell session (Run as administrator)
  11. Get your code signing certificate by executing the following command:
    $cert = Get-ChildItem cert:\CurrentUser\my -CodeSigningCert
    
  12. Sign the PowerShell script file by executing the following command:
    Set-AuthenticodeSignature -FilePath C:\PathToTheFile\SomeFile.ps1 -Certificate $cert
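
The commands in steps 11 and 12 assume that exactly one code signing certificate is in the store and do not check the result of signing. The following is an added example, not part of the original post: it selects a single usable certificate, signs the file, and verifies the signature read back from disk. The function names are illustrative, the issuer filter is an assumption based on the issuer name in step 6, and the file path is the placeholder from step 12.

```powershell
# Added example, not from the original post. Function names are illustrative.
function Get-SingleCodeSigningCert {
    param(
        # Assumption: issuer name as shown in step 6; adjust if your certificate differs.
        [string]$IssuerPattern = '*SwissSign Qualified Platinum CA 2010 - G2*'
    )
    $now = Get-Date
    # -CodeSigningCert can return zero or several certificates, so filter explicitly.
    $candidates = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object {
            $_.Issuer -like $IssuerPattern -and
            $_.HasPrivateKey -and
            $_.NotBefore -le $now -and $_.NotAfter -gt $now
        })
    if ($candidates.Count -ne 1) {
        throw "Expected exactly one usable code signing certificate, found $($candidates.Count)."
    }
    return $candidates[0]
}

function Invoke-SignAndVerify {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Sign, then re-read the signature from disk instead of trusting the signing output.
    Set-AuthenticodeSignature -FilePath $FilePath -Certificate $Certificate | Out-Null
    $sig = Get-AuthenticodeSignature -FilePath $FilePath

    # Anything other than Valid (NotSigned, NotTrusted, HashMismatch, ...) is a failure.
    if ($sig.Status -ne 'Valid') {
        throw "Signature on '$FilePath' is $($sig.Status): $($sig.StatusMessage)"
    }
    # Confirm the file was signed with the certificate we selected.
    if ($sig.SignerCertificate.Thumbprint -ne $Certificate.Thumbprint) {
        throw "File is signed by an unexpected certificate: $($sig.SignerCertificate.Subject)"
    }
    return $sig
}

# Placeholder path from step 12 of the post.
$cert = Get-SingleCodeSigningCert
$sig  = Invoke-SignAndVerify -FilePath 'C:\PathToTheFile\SomeFile.ps1' -Certificate $cert
$sig | Format-List Path, Status, StatusMessage, SignerCertificate
```

Running `Get-AuthenticodeSignature` on the file again after any later edit shows whether the content still matches the signature; a changed file reports `HashMismatch`.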
    

Comments

  1. Manuel says:

    hi,
    does your SuisseID work with Windows 10 to sign PowerShell Scripts?
    Mine doesn’t work.

    • Hi
      I could not yet try to reproduce the problem, as I have Windows 7 on my machine. What exactly does not work and what error message do you get?
      Important: Steps 1 to 9 have to be executed every time the SuisseID gets connected with the computer.

    • Hi Manuel
      I just upgraded to Windows 10 and could successfully sign a PowerShell script using the step by step guide from the blog post above.
