powershell - Signtool allows me to sign code but Set-AuthenticodeSignature says the "certificate is not suitable for code signing" -

-

i have self signed code signing certificate (made directions this answer) , works fine when when use signtool.exe. if try sign using powershell, fails.

signing signtool

c:\>signtool sign /v /n "vetweb" setuprdppermissions.ps1 following certificate selected:     issued to: vetweb     issued by: vetweb ca     expires:   sat dec 31 18:59:59 2039     sha1 hash: 84136ebf8d2603c2cd6668c955f920c6c6482ee4  done adding additional store signed: setuprdppermissions.ps1  number of files signed: 1 number of warnings: 0

signing in powershell

ps c:\> $cert = @(get-childitem cert:\currentuser\my | where-object -filterscript {$_.subject -eq 'cn=vetweb'})[0] ps c:\> set-authenticodesignature setuprdppermissions.ps1 $cert set-authenticodesignature : cannot sign code. specified certificate not suitable code signing. @ line:1 char:26 + set-authenticodesignature <<<<  setuprdppermissions.ps1 $cert     + categoryinfo          : invalidargument: (:) [set-authenticodesignature], psargumentexception     + fullyqualifiederrorid : argument,microsoft.powershell.commands.setauthenticodesignaturecommand  ps c:\> $cert | format-list *   pspath             : microsoft.powershell.security\certificate::currentuser\my\84136ebf8d2603c2cd6668c955f920c6c6482ee4 psparentpath       : microsoft.powershell.security\certificate::currentuser\my pschildname        : 84136ebf8d2603c2cd6668c955f920c6c6482ee4 psdrive            : cert psprovider         : microsoft.powershell.security\certificate psiscontainer      : false archived           : false extensions         : {system.security.cryptography.oid} friendlyname       : issuername         : system.security.cryptography.x509certificates.x500distinguishedname notafter           : 12/31/2039 5:59:59 pm notbefore          : 6/1/2012 1:49:31 pm hasprivatekey      : true privatekey         : system.security.cryptography.rsacryptoserviceprovider publickey          : system.security.cryptography.x509certificates.publickey rawdata            : {48, 130, 1, 235...} serialnumber       : cf330347f35ac0b4427affa82db51238 subjectname        : system.security.cryptography.x509certificates.x500distinguishedname signaturealgorithm : system.security.cryptography.oid thumbprint         : 84136ebf8d2603c2cd6668c955f920c6c6482ee4 version            : 3 handle             : 479608336 issuer             : cn=vetweb ca subject            : cn=vetweb

why can sign using signtool.exe, not powershell?

p.s. running get-childitem cert:\currentuser\my -codesigningcert returns no results.

i had same problem , answer figured out had create 2 certificates. first, trusted root certificate authority using

makecert -n "cn=powershell local certificate root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss root -sr localmachine

and personal certificate above certificate authority using

makecert -pe -n "cn=powershell user" -ss -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

once these created, use 

$cert = @(get-childitem cert:\currentuser\my -codesigning)[0]

for signing (assuming have 1 codesigning certificate). example, if script's name xyz.ps1, use command in powershell

set-authenticodesignature path/to/xyz.ps1 $cert

Comments

Post a Comment

Popular posts from this blog

django - How can I change user group without delete record -

-
on website user have 1 group. , user can change group. it's made user.groups.clear() and user.groups.add(new_group) but it's not efficient, because there 2 sql query: delete, insert. how can change group update query? user , group related each other using manytomanyfield . means intersection table exists relating both entities, , if don't specify model map (using through attribute) django creates 1 you. looking @ sources django.contrib.auth.models see that's case. fortunatly, can access intermediary model using through attribute of manager (in case, user.groups.through ). can use regular model. example: >>> alice = user.objects.create_user('alice', 'alice@example.com', 'alicepw') >>> employee = group.objects.create(name='employee') >>> manager = group.objects.create(name='manager') >>> alice.groups.add(employee) >>> alice.groups.all() [<group: employee...
Read more

java - Need to add SOAP security token -

-
i need set custom soap header attribute on jax-ws generated webservice client. case webservice calls must go through proxy server requiring specific token (recieved web request header) present in soap request header. e.g.: 1 carserviceservice service = null; 2 service = new carserviceservice(new url(url), new qname(qname); 3 carserviceendpoint port = service.getcarserviceport(); it seems in line 3 wsdl retrieved , call fails due missing security token. 1 point direction on how done? a detailed example has been mentioned here: creating , deploying jax-ws web service on tomcat 6 this article shows how create , use security token .
Read more

java - EclipseLink JPA Object is not a known entity type -

-
i have strange problem eclipselink , object want persist. have 1 object (keypointlistimpl) stores object keypointimpl in list. persisting keypointimpl objects works great if try persist keypointlistimpl object java.lang.illegalargumentexception says object keypointimpl isn't known entity type. here keypointimpl code: @entity @table(name="keypoints") public class keypointimpl implements keypoint { @id @generatedvalue(strategy = generationtype.identity) private int id; @enumerated(enumtype.string) private detectortype keypointtype; private float x; private float y; private float size; private float angle; private float response; private int octave; private int classid; ... } here keypointlistimpl code: @entity @table(name="keypointlists") public class keypointlistimpl implements keypointlist { @id @generatedvalue(strategy = generationtype.identity) private int id; @onetoone(cascade={ca...
Read more