
How to trust a certificate in Windows Powershell

I am using Windows 7, and want to run signed scripts from Powershell, the security-settings of Powershell are set to "all-signed", and my scripts are signed with a valid certificate from my company. I have also added the .pfx-file to my local certificate store (right-clicked the pfx-file and installed).

However, when I start a signed script, I get a message that says:

"Do you want to run software from this untrusted publisher?
File Z:\Powershell Signed Scripts\signed.ps1 is published by CN=[MyCompanyName] and is not trusted on your system. Only run scripts from
 trusted publishers.
[V] Never run  [D] Do not run  [R] Run once  [A] Always run  [?] Help
(default is "D"):"

Since I want to automatically call these scripts on my systems, I would like to add my imported certificate to the trusted list on my system, so that I do not get a message anymore when I run a signed script for the first time. How can I make my certificate a trusted one?

Erik asked Jan 11 '12 06:01



2 Answers

Indeed, you can do this without any mmc :)

First, check the location of your personal certificate, named for example "Power":

Get-ChildItem -Recurse cert:\CurrentUser\ |where {$_ -Match "Power"} | Select PSParentPath,Subject,Issuer,HasPrivateKey |ft -AutoSize

(This one should be empty:)

gci cert:\CurrentUser\TrustedPublisher

Build the command with the path to your certificate:

$cert = Get-ChildItem Certificate::CurrentUser\My\ABLALAH

Next, work on the certificate store (here I work on two certificate stores: user and computer):

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher","LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()

Check; you should find your certificate:

ls cert:\CurrentUser\TrustedPublisher
Alexis-Emmanuel Haeringer answered Sep 28 '22 01:09


Sounds like you need to verify that the script is signed properly and that you have the correct certificate installed in the correct certificate store.

Use the Get-AuthenticodeSignature cmdlet to get information about the signed script.

Also review Scott's guide for signing certificates.

Andy Arismendi answered Sep 28 '22 02:09
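
An added example, not code from either answer: a hypothetical helper, Add-ScriptPublisherTrust, that combines the two answers above. It reads the signer certificate from the script with Get-AuthenticodeSignature, stops unless the signature status is Valid, adds only the public certificate to TrustedPublisher, and confirms the entry in the store it wrote to. It assumes the issuing CA is already trusted on the machine and, for LocalMachine, an elevated session.

```powershell
# Added example: Add-ScriptPublisherTrust is a hypothetical helper name,
# not part of PowerShell and not taken from the answers above.
function Add-ScriptPublisherTrust {
    param(
        [Parameter(Mandatory = $true)][string]$ScriptPath,
        [ValidateSet('CurrentUser', 'LocalMachine')][string]$Location = 'CurrentUser'
    )

    # Take the certificate from the script's own signature, so the publisher
    # that gets trusted is exactly the one that signed this file.
    $sig = Get-AuthenticodeSignature -FilePath $ScriptPath
    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, UnknownError (for example an untrusted root):
        # do not trust a publisher on the strength of a signature that fails.
        throw "Signature on '$ScriptPath' is $($sig.Status): $($sig.StatusMessage)"
    }

    # Rebuild the certificate from its raw bytes: public part only.
    # TrustedPublisher does not need the private key from the .pfx.
    $certType = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $publicCert = New-Object $certType -ArgumentList (,$sig.SignerCertificate.RawData)

    $storeType = 'System.Security.Cryptography.X509Certificates.X509Store'
    $store = New-Object $storeType 'TrustedPublisher', $Location
    $store.Open('ReadWrite')   # LocalMachine requires an elevated session
    try {
        $store.Add($publicCert)
        # Confirm by thumbprint in the same store that was just written.
        $found = $store.Certificates |
            Where-Object { $_.Thumbprint -eq $publicCert.Thumbprint }
    }
    finally {
        $store.Close()
    }
    return [bool]$found
}

# Usage with the script path shown in the question's prompt text.
$script = 'Z:\Powershell Signed Scripts\signed.ps1'
if (Test-Path $script) {
    if (Add-ScriptPublisherTrust -ScriptPath $script -Location LocalMachine) {
        Write-Output "Publisher of '$script' is now in LocalMachine\TrustedPublisher"
    }
}
```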