Windows 10: How to sign Powershell profile w/ self-signed certificate?

Discus and support How to sign Powershell profile w/ self-signed certificate? in Windows 10 Support to solve the problem; About self-signing drivers: check in with Fernando (Dieter, the owner/operator) at Win-RAID.com. He's been doing that for years because of all the... Discussion in 'Windows 10 Support' started by EdTittel, Apr 4, 2018.

  1. EdTittel Win User

    How to sign Powershell profile w/ self-signed certificate?


    About self-signing drivers: check in with Fernando (Dieter, the owner/operator) at Win-RAID.com. He's been doing that for years because of all the driver mods he posts on his site. Once you load his certificate, you can also load and use any of his drivers. It's a fair amount of work (with some expense for obtaining and maintaining a certificate) but it can indeed be done.
    HTH,
    --Ed--
     
    EdTittel, Apr 4, 2018
    #1

  2. I currently have my execution-policy set to AllSigned. I don't want to change it or bypass that restriction.

    When I created my profile script--or whatever it's called--I wanted to do so in order to set permanent aliases.

    For whatever reason, Microsoft has made it an ever increasingly difficult endeavor just to create permanent aliases.

    The problem now is that it won't run the script because it isn't digitally signed.

    I attempted to make a self-signed certificate to sign the blasted thing but I never got anywhere.

    I've looked at a few guides online but they all assume I'm in a server environment or something (which means the steps keep changing or involve unnecessary steps).

    In the end, I wound up with a code-signing cert and the thing is in my current-user cert store.

    I'm trying to get this to work on my Windows 10 Pro desktop but I haven't a clue as to what I'm actually supposed to be doing.

    Is it even possible to get what I'm asking for? *Confused

    P.S. - I have no experience with either Powershell or certificates. The only reason I know what I've mentioned so far is because I spent 2-3 minutes glossing over the help files. My knowledge of PKI has me understanding that you need a private key to sign something, but I can't even get the certificate to validate my own key so it's kind of getting me flustered at this point.

    :)
     
    That Random Guy, Apr 8, 2018
    #2
  3. Entegy Win User
    can not log in to corporate mail server

    If you're using self-signed certificates, you need to manually import the certificate to your phone. Windows Phone does not automatically import self-signed certificate for security reasons, unlike iOS and Android since self-signed certificates are often
    used in spoofing.
     
    Entegy, Apr 8, 2018
    #3
  4. How to sign Powershell profile w/ self-signed certificate?

    6680 CA certificates

    You should have two certificates. One is the self-signed certificate, and one is the root CA certificate that you used to sign the self-signed certificate. Put them both in the same .crt file in that order, upload them to your server and tell Apache to
    use that certificate file.

    If that doesn't work, by all means try uploading it to your phone, but I suspect that if it still doesn't work then the phone just doesn't like self-signed certificates.
     
    hiltonian---01, Apr 8, 2018
    #4
  5. Kari Win User
    Kari, Apr 8, 2018
    #5
  6. That's what I said.

    And that's what you said.

    Is there any way to run the script without bypassing the execution-policy restriction? I'd rather not change it.
     
    That Random Guy, Apr 8, 2018
    #6
  7. Kari Win User
    You seem not to understand what different execution polices are and do? RemoteSigned is exactly as AllSigned, only exception being that your own local scripts will not need to be signed.

    it is of course up to you to choose between the easy way which does what you want, or the more difficult way and try to find a valid method to sign your own scripts.

    You can even keep AllSigned for all other user accounts and only allow your own user account to run your local scripts:

    Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

    With -Scope CurrentUser you can set different execution policy for each user, including built-in admin.
     
    Kari, Apr 8, 2018
    #7
  8. How to sign Powershell profile w/ self-signed certificate?

    @Kari

    I get what the RemoteSigned execution policy does but I want to sign my script and keep the AllSigned restriction.

    Is that even possible? I'd like to think it does but every tutorial I come across keeps telling me a different story.

    I'll keep trying on my end but I'll eventually have to put up something.
     
    That Random Guy, Apr 9, 2018
    #8
  9. It is possible! Hold on to your hat...this will take a while to explain...

    ...to be continued...

    STATUS UPDATE: Writing step by step tutorial with pictures and verifying that everything I say works. Will post here once it's done.
     
    slicendice, Apr 9, 2018
    #9
  10. EdTittel Win User
    Nice work, SliceNDice! Can't wait for the "next thrilling installment."
    --Ed--
     
    EdTittel, Apr 10, 2018
    #10
  11. Thanks a lot! *Smile
     
    slicendice, Apr 10, 2018
    #11
  12. @slicendice

    Yep, that would do it. Ditto on the work well done--you cooked 'em!

    I initially wanted to avoid using makecert and just use Powershell but all of my other attempts failed, so....

    Thank-you! *Smile
     
    That Random Guy, Apr 10, 2018
    #12
  13. How to sign Powershell profile w/ self-signed certificate?

    You're welcome.

    The information available on the interwebs is rather cryptic. I am still trying to find a decent solution for using PowerShell only.
     
    slicendice, Apr 10, 2018
    #13
  14. lx07 Win User
    Excellent job! Next, do you know how (if we can) self-sign drivers?
     
  15. Thanks!

    Hmmm...that was an excellent question. I don't know, never tried it, since I don't develop drivers. Maybe I should, now that it seems the Windows BT stack could be a bit broken (or then just protocols are missing) in RS4 and there always seems to be issues with Intel and NVidia drivers. *Wink

    Edit: According to MS and other sources, these certificates should be enough for self-signing drivers too.
     
    slicendice, Apr 10, 2018
    #15
Thema:

How to sign Powershell profile w/ self-signed certificate?

Loading...
  1. How to sign Powershell profile w/ self-signed certificate? - Similar Threads - sign Powershell profile

  2. An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...

    in Windows 10 Gaming
    An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...: Statement of the Problem: An invalid self-signed CA certificate which all browsers says it's using, can't be found by standard Windows tools so it can be removed.Background: I have a small self-hosted environment in Docker on Windows 10. I've identified a bogus CA certificate...
  3. An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...

    in Windows 10 Software and Apps
    An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...: Statement of the Problem: An invalid self-signed CA certificate which all browsers says it's using, can't be found by standard Windows tools so it can be removed.Background: I have a small self-hosted environment in Docker on Windows 10. I've identified a bogus CA certificate...
  4. An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...

    in AntiVirus, Firewalls and System Security
    An invalid [self-signed] CA certificate exists on Windows 10 Pro, but...: Statement of the Problem: An invalid self-signed CA certificate which all browsers says it's using, can't be found by standard Windows tools so it can be removed.Background: I have a small self-hosted environment in Docker on Windows 10. I've identified a bogus CA certificate...
  5. Self signed certificate used to expire standalone media MECM

    in Windows 10 Software and Apps
    Self signed certificate used to expire standalone media MECM: Good evening folks,I'm currently exploring making a USB software stick created with MECM more secure by password protecting it and assigning the self signed certificate during the task sequence standalone media creation which lets it expire. I've searched quite a bit and...
  6. Self signed certificate used to expire standalone media MECM

    in Windows 10 Customization
    Self signed certificate used to expire standalone media MECM: Good evening folks,I'm currently exploring making a USB software stick created with MECM more secure by password protecting it and assigning the self signed certificate during the task sequence standalone media creation which lets it expire. I've searched quite a bit and...
  7. Self signed certificate used to expire standalone media MECM

    in Windows 10 Gaming
    Self signed certificate used to expire standalone media MECM: Good evening folks,I'm currently exploring making a USB software stick created with MECM more secure by password protecting it and assigning the self signed certificate during the task sequence standalone media creation which lets it expire. I've searched quite a bit and...
  8. Ftps with self-signed certificate. Remote access issue

    in Windows 10 Network and Sharing
    Ftps with self-signed certificate. Remote access issue: Hi,Sorry I’m not very experienced with this topic. As the title suggests, I created a self signed certificate and set up a ftp over ssl with port 21 explicit. Than forwarded the 21 port in my router and assigned an external one. I’m able to connect to it locally, with the pc...
  9. Secure Credentials with Self-Signed Certificates for PowerShell Script

    in Windows 10 News
    Secure Credentials with Self-Signed Certificates for PowerShell Script: Hello everyone, I’m Preston K. Parsard, specializing in Platforms, Azure Infrastructure and Automation topics, and I’d like to share some insights for securing PowerShell credentials using certificates. This post is based on a recent customer project, but we’ll also wrap a...
  10. Self-Signed Certificates no longer working since update

    in Windows 10 Support
    Self-Signed Certificates no longer working since update: Morning all, annoyingly Windows decided to update itself over the weekend and rebooted my PC. This also happened with a few other work PCs and left users unable to login for an hour while it forced the update on us. Luckily we only have a handful of Win 10 PCs and decided...