I can't seem to get my scripts to sign in PowerShell. I have a valid code signing cert installed on my machine and run the following commands. Any suggestions?
PS C:\Users\u00\bin> $cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]
PS C:\Users\u00\bin> $cert | fl
Subject : [email protected], CN=contoso , OU=Operations, O=contoso,
L=Mayberry, S=Florida, C=US
Issuer : CN=contoso Intermediate CA1, DC=contoso, DC=com
Thumbprint : XXXXXXXXXXXXXXXXXXXXX
FriendlyName : contoso
NotBefore : 7/20/2010 12:58:55 AM
NotAfter : 7/20/2011 12:58:55 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oi
ystem.Security.Cryptography.Oid...}
PS C:\Users\u00\bin> Set-AuthenticodeSignature .\testsign.ps1 -Certificate $cert
Directory: C:\Users\u00\bin
SignerCertificate Status Path
----------------- ------ ----
UnknownError testsign.ps1
PS C:\Users\u00\bin> Get-AuthenticodeSignature .\testsign.ps1
Directory: C:\Users\u00\bin
SignerCertificate Status Path
----------------- ------ ----
NotSigned testsign.ps1
Figured it out. The script file was created using PowerShell ISE and apparently you can't sign scripts created in PowerShell ISE or more accurately you can't sign Unicode Big Endian encoded files which is the default for ISE. There's workaround to change the default encoding as documented in link.
Originally added to question by Chad Miller. Relocated his update to an answer so this question no longer shows up as unanswered.
You can save a file as a specific encoding from within the Powershell ISE with the .Save() method of the ISEFile object:
If you add the following to your ISE profile you can just hit Ctrl-Shift-S to get a different default encoding for your scripts:
Here's some quickie code to create your profile if it doesn't exist and add the menu. Run this code from within the ISE or you'll just add junk to your ConsoleHost profile where it will just error out: