Menu
I try to create a self-signed code signing certificate via powershell to sign a .NET assembly through Visual Studio 2017 with it as a pfx afterwards. The pfx is exported as a domain-protected certificate using -ProtectTo argument. The code is as follows:
$pfxLocation = [System.IO.Path]::Combine([System.Environment]::GetFolderPath("Desktop"),"Certificates\")
New-Item -ItemType Directory -Path $pfxLocation -Force
$certificate = New-SelfSignedCertificate `
-CertStoreLocation "Cert:\LocalMachine" `
-FriendlyName "This is a code-signing certificate" `
-Subject "CN=Me" `
-Type CodeSigningCert `
-NotBefore ([System.DateTime]::Today) `
-NotAfter ([System.DateTime]::Today.AddMonths(6).AddDays(1)) `
-KeyExportPolicy Exportable
Move-Item -Destination "Cert:\LocalMachine\Root" -Path $certificate.PSPath
$newCertificateLocation = "Cert:\LocalMachine\Root\" + $certificate.Thumbprint
Get-ChildItem $newCertificateLocation | Export-PfxCertificate -FilePath ([System.IO.Path]::Combine($pfxLocation,"certificate.pfx")) -ProtectTo "Domain\Domain group 1", "Domain\Domain group 2"
However, Visual Studio still demands a non-existent password.
Password from domain user from one of domain groups specified with -ProtectTo argument is rejected:
So what password does it request and why does it require any at all? As it's domain-protected, it shouldn't have any, and that's exactly what I was aiming at.
UPDATE
Basically, the idea is to use output pfx for code signing with automated build agents, for which absence of password is kind of a must.
287
This export PFX without password. When importing this through GUI, you can use empty password.
$cert = @(Get-ChildItem -Path 'Cert:\CurrentUser\My\07BAE0886EECC2019F0AE6CC68FE5C3EA98308F8')[0]
$certBytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx)
[System.IO.File]::WriteAllBytes('S:\cert.pfx', $certBytes)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
