How to sign Powershell profile w/ self-signed certificate? Solved

Page 2 of 2 FirstFirst 12
  1. slicendice's Avatar
    Posts : 3,662
    Windows 10 Pro x64 v1809 Build 17763.134 (Branch: RS5 Release Preview)
       11 Apr 2018 #11

    That Random Guy said: View Post

    Yep, that would do it. Ditto on the work well done--you cooked 'em!

    I initially wanted to avoid using makecert and just use Powershell but all of my other attempts failed, so....

    Thank-you! :)
    You're welcome.

    The information available on the interwebs is rather cryptic. I am still trying to find a decent solution for using PowerShell only.
      My ComputersSystem Spec

  2.    11 Apr 2018 #12

    Excellent job! Next, do you know how (if we can) self-sign drivers?
      My ComputerSystem Spec

  3. slicendice's Avatar
    Posts : 3,662
    Windows 10 Pro x64 v1809 Build 17763.134 (Branch: RS5 Release Preview)
       11 Apr 2018 #13

    lx07 said: View Post
    Excellent job! Next, do you know how (if we can) self-sign drivers?

    Hmmm...that was an excellent question. I don't know, never tried it, since I don't develop drivers. Maybe I should, now that it seems the Windows BT stack could be a bit broken (or then just protocols are missing) in RS4 and there always seems to be issues with Intel and NVidia drivers.

    Edit: According to MS and other sources, these certificates should be enough for self-signing drivers too.
      My ComputersSystem Spec

  4. Posts : 28
    Windows 10 Pro x64 ( v. 1803)
    Thread Starter
       11 Apr 2018 #14


    The following is a powershell-only solution which will not require the installation of extra software/tools/features (at least on Windows 10):

    #Open up a Powershell window—with Admin privileges—and run the following to create the self-signed certificate and save it to the PS variable of your choice. Below, the naming distinction mycert is used. I recommend that or just copy/paste the code.
    $mycert = New-SelfSignedCertificate  -Subject "CN=PowerShell signing example" `                -KeyAlgorithm RSA -KeyLength 2048   -Type CodeSigningCert `
                    -CertStoreLocation Cert:\LocalMachine\My\
    #Next, to verify the certificate was created, simply type the variable you just created.
    #For example, the above would be $cert
    #Hit enter, and the thing should print out a thumbprint to the screen.

    #Now, with that outta the way, you need to move the certificate you just created the root cert store on your machine.
    #To do this, run the following command (take note of the variable name; i.e. use what you used above):
    Move-Item "Cert:\LocalMachine\My\$($mycert.Thumbprint)" Cert:\LocalMachine\Root
    #Finally, with that out of the way, you can sign your script with the following command

    set-AuthenticodeSignature C:\Path\To\Script\test.ps1 $mycert

    Once you run that command, you should receive output on the console displaying the successful signing.

    Incidentally, I had tried this route before but kept failing because I didn't move the certificate to the root cert store. Now I know.

    In the end, I don't feel better about this compared to having just changed the execution-policy.

    For those interested in the guide referenced for this method, please visit this link.

    For those interested in the guide referenced for the first method (on page 1), click this link.

    P.S. - I knew the code I used looked familiar, and I eventually wound up finding (piece by piece) the entire guide on another site.

    P.P.S. - We shouldn't be required to do all of this just to get a few permanent aliases in Powershell.
      My ComputerSystem Spec

  5. slicendice's Avatar
    Posts : 3,662
    Windows 10 Pro x64 v1809 Build 17763.134 (Branch: RS5 Release Preview)
       12 Apr 2018 #15

    That is one way to do it! :)

    I have been looking into this, but I'm still not quite convinced. The descriptions on the interwebs are a bit around the bush when it comes to explaining things.

    Let's work on this further.
      My ComputersSystem Spec

  6.    13 Apr 2018 #16

    About self-signing drivers: check in with Fernando (Dieter, the owner/operator) at He's been doing that for years because of all the driver mods he posts on his site. Once you load his certificate, you can also load and use any of his drivers. It's a fair amount of work (with some expense for obtaining and maintaining a certificate) but it can indeed be done.
      My ComputersSystem Spec

Page 2 of 2 FirstFirst 12

Related Threads
How to Fix 'You've been signed in with a temporary profile' Error in Windows 10 A user profile is a collection of settings that make the computer look and work the way you want it to for a user account. It is stored in the user's C:\Users\<user...
As i say i am wirter and like to sing my documents whith digital sing żAre a free alternative to sing documents?
Hi, everyone... I'm trying to find a registry hack or something to address the change Microsoft made going from Windows 8.x to Windows 10. Here is a quick run-down of what Microsoft changed: My wife and I have 4 children. One of our PCs...
The user profile service failed the sign-in user profile cannot be loaded in Windows 10. I created a local account in Windows 10 and when I login I get that error. My laptop came preinstalled with Windows 10 and was not upgraded. There is...
Solved You've been signed in with temporary profile error in User Accounts and Family Safety
I upgraded to windows 10 about a month ago, from windows 7 home edition (64 bit). I didn't have problems for a few weeks, everything worked correctly. I connected my user with my MS account and that worked as well. The problem started, when...

Tags for this Thread

Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 15:41.
Find Us