Digitally Signing PowerShell Scripts

by Oct 25, 2011

In a previous tip, we illustrated how you access a code signing certificate that was installed on your computer. With such a certificate, you can sign one or all PowerShell scripts in a folder. Here is how you sign all PowerShell scripts in folder c:\scripts with the first available code signing certificate from your certificate store:

$cert = dir cert:\CurrentUser\my -CodeSigningCert | Select-Object -First 1

if ($cert) { dir c:\scripts -Filter *.ps1 -Recurse -ea 0 | 
  Set-AuthenticodeSignature -Certificate $cert 
} else {
  Write-Warning 'You do not have a digital certificate for code signing.'

Note that there are two situations when Set-AuthenticodeSignature cannot sign a script: if a script is smaller than 5 Bytes, and if the script was saved with "Unicode Big Endian" encoding which occurs when you save a script with the PowerShell ISE editor.

Twitter This Tip!
ReTweet this Tip!