How to trust a certificate in Windows Powershell


I am using Windows 7 and want to run signed scripts from PowerShell. The security settings of PowerShell are set to "all-signed", and my scripts are signed with a valid certificate from my company. I have also added the .pfx file to my local certificate store (right-clicked the .pfx file and installed it).

However, when I start a signed script, I get a message that says:

"Do you want to run software from this untrusted publisher?
File Z:\Powershell Signed Scripts\signed.ps1 is published by CN=[MyCompanyName] and is not trusted on your system. Only run scripts from
 trusted publishers.
[V] Never run  [D] Do not run  [R] Run once  [A] Always run  [?] Help
(default is "D"):"

Since I want to automatically call these scripts on my systems, I would like to add my imported certificate to the trusted list on my system, so that I do not get a message anymore when I run a signed script for the first time. How can I make my certificate a trusted one?

2

There are 2 answers

1
Andy Arismendi

Sounds like you need to verify that the script is signed properly and that you have the correct certificate installed in the correct certificate store.

Use the Get-AuthenticodeSignature cmdlet to get information about the signed script.

Also review Scott's guide for signing certificates.

2
Alexis-Emmanuel Haeringer


Indeed, you can do this without any mmc :)

First, check the location of your personal certificate, named for example "Power":

Get-ChildItem -Recurse cert:\CurrentUser\ |where {$_ -Match "Power"} | Select PSParentPath,Subject,Issuer,HasPrivateKey |ft -AutoSize

(This one should be empty:)

gci cert:\CurrentUser\TrustedPublisher

Build the command with the path to your certificate:

$cert = Get-ChildItem Certificate::CurrentUser\My\ABLALAH

Next, work on the certificate store (here I work on two certificate stores: user and computer):

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher","LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()

Check; you should find your certificate:

ls cert:\CurrentUser\TrustedPublisher
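
The two answers combined into one procedure, as an added example that is not part of either answer: it reads the signer certificate from the signed script with Get-AuthenticodeSignature, refuses to continue unless the signature status is Valid, and adds only the public certificate (no private key) to the machine-wide Trusted Publishers store. The default script path is the one shown in the question's prompt; the session is assumed to be elevated, since writing to a LocalMachine store requires administrator rights.

```powershell
# Added example (not from the original answers).
# Assumption: $ScriptPath points at a script that is already signed.
param(
    [string]$ScriptPath = 'Z:\Powershell Signed Scripts\signed.ps1'
)

# 1. Read the Authenticode signature straight from the signed file.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
$sig | Format-List Status, StatusMessage, Path

# 2. Stop unless the signature verifies. Any other status (HashMismatch,
#    NotSigned, UnknownError, ...) means the publisher should not be trusted
#    on the basis of this file.
if ($sig.Status -ne 'Valid') {
    throw "Refusing to trust publisher: signature status is $($sig.Status)"
}

# 3. Build a copy of the signer certificate from its raw DER bytes.
#    This copy carries the public certificate only, so no private key
#    ends up referenced from the Trusted Publishers store.
$signer = $sig.SignerCertificate
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (,$signer.RawData)
'Signer: {0}  Thumbprint: {1}' -f $public.Subject, $public.Thumbprint

# 4. Add it to the machine-wide Trusted Publishers store.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
    'TrustedPublisher', 'LocalMachine'
$store.Open('ReadWrite')
try {
    $store.Add($public)
}
finally {
    $store.Close()
}

# 5. Confirm the certificate is present in the store that was modified.
Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Where-Object { $_.Thumbprint -eq $public.Thumbprint } |
    Format-List Subject, Thumbprint, NotAfter
```

Compare the thumbprint printed in step 3 with the one your company publishes for its code-signing certificate before relying on the new trust entry.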