signing PowerShell Scripts

Question

i am trying to sign my powershell scripts so i can execute them with no problems. I have my code signing cert created on my system and can view it from inside PowerShell. When i co to sign it i keep getting errors

PS C:\xxadmin> get-childitem cert:\CurrentUser\my -codesign


    Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\my


Thumbprint                                Subject
----------                                -------
6B43052FDE320530CD77B260CC9BD046B68D2351  CN=PowerShell User


PS C:\xxadmin>

Trying to sign using the following command.

Set-AuthenticodeSignature C:\xxadmin\iisbackup.ps1 @ (get-childitem cert:\CurrentUser\My -codesigning) [0]

This is the Error i get.

Unrecognized token in source text. At line:1 char:52 + Set-AuthenticodeSignature C:\xxadmin\iisbackup.ps1 <<<< @ (get-childitem cert:\CurrentUser\My -codesigning) [0] + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : UnrecognizedToken

Also once this script is signed will i need to install the cert on each machines i want to execute the script on?

Answer 1

The @ has to be right next to the opening (. Same for the indexer [0] and the closing ) e.g.:

Set-AuthenticodeSignature C:\xxadmin\iisbackup.ps1 `
    @(get-childitem cert:\CurrentUser\My -codesigning)[0]

Regarding your other question, it depends on the kind of cert you're using. If it is self-generated then yes, you will need to copy it to each machine. If it is an official Verisign type cert then you shouldn't need to install it on the other machines.