Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/powershell/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/visual-studio-2012/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
通过Set-Authenticode签名对powershell脚本进行签名时出现未知错误_Powershell_Certificate_Powershell 3.0 - Fatal编程技术网
Fatal编程技术网
  • powershell/
  • 通过Set-Authenticode签名对powershell脚本进行签名时出现未知错误

通过Set-Authenticode签名对powershell脚本进行签名时出现未知错误

powershell certificate

通过Set-Authenticode签名对powershell脚本进行签名时出现未知错误,powershell,certificate,powershell-3.0,Powershell,Certificate,Powershell 3.0,我已从受信任的CA获得代码签名证书。我正在尝试在PowerShell ISE中对脚本进行签名,但收到“UnknownError”。我已尝试将脚本编码为UTF-8,但仍收到相同的错误。我已经验证了脚本也是UTF-8 $cert=(dir cert:currentuser\my\ -CodeSigningCert) Set-AuthenticodeSignature C:\Scripts\Certtestnew.ps1 $cert 尽管我得到了“UnknownError”,但它似乎仍然在脚本上签名

我已从受信任的CA获得代码签名证书。我正在尝试在PowerShell ISE中对脚本进行签名,但收到“UnknownError”。我已尝试将脚本编码为UTF-8,但仍收到相同的错误。我已经验证了脚本也是UTF-8

$cert=(dir cert:currentuser\my\ -CodeSigningCert)
Set-AuthenticodeSignature C:\Scripts\Certtestnew.ps1 $cert
尽管我得到了“UnknownError”,但它似乎仍然在脚本上签名。虽然,当我运行脚本时,我收到“C:\Scripts\Certtestnew.ps1文件的内容可能已被篡改,因为 文件与数字签名中存储的哈希不匹配。“

更新$cert信息:

PSPath : Microsoft.PowerShell.Security\Certificate::currentuser\my\FDCD31216C3491C2809441344EE6EF5E01EB0550
PSParentPath : Microsoft.PowerShell.Security\Certificate::currentuser\my
PSChildName : FDCD31216C3491C2809441344EE6EF5E01EB0550
PSDrive : Cert
PSProvider : Microsoft.PowerShell.Security\Certificate
PSIsContainer : False
EnhancedKeyUsageList : {}
DnsNameList : {}
SendAsTrustedIssuer : False
Archived : False
Extensions : {System.Security.Cryptography.Oid,System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...;}
FriendlyName :
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
 NotAfter : 10/29/2016 4:05:37 PM
NotBefore : 10/29/2015 3:45:37 PM
HasPrivateKey : True
PrivateKey :
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 225...;}
SerialNumber : 60A14A915A0FAFA12311B0998F5892C9
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : FDCD31216C3491C2809441344EE6EF5E01EB0550
Version : 3
Handle : 578311520
Issuer : CN=USER OU=Admin, OU=Admin and Service Accounts, DC=domoain
Subject : CN=USER, OU=Admin, OU=Admin and Service Accounts, DC=domain
我刚刚看了一下我的域代码签名证书,它有
PrivateKey
属性以及
code签名
列在其
EnhancedKeyUsageList
属性下:

PSPath                   : Microsoft.PowerShell.Security\Certificate::CurrentUser\My\XXX
PSParentPath             : Microsoft.PowerShell.Security\Certificate::CurrentUser\My
PSChildName              : XXX
PSDrive                  : Cert
PSProvider               : Microsoft.PowerShell.Security\Certificate
PSIsContainer            : False
EnhancedKeyUsageList     : {Code Signing (1.3.6.1.5.5.7.3.3)}
DnsNameList              : {XXX}
SendAsTrustedIssuer      : False
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
PolicyId                 :
Archived                 : False
Extensions               : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
                           System.Security.Cryptography.Oid...}
FriendlyName             : XXX
IssuerName               : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter                 : XXX
NotBefore                : XXX
HasPrivateKey            : True
PrivateKey               : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey                : System.Security.Cryptography.X509Certificates.PublicKey
RawData                  : XXX
SerialNumber             : XXX
SubjectName              : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm       : System.Security.Cryptography.Oid
Thumbprint               : XXX
Version                  : 3
Handle                   : XXX
Issuer                   : XXX
Subject                  : XXX
这使我怀疑您的证书是否对代码签名有效。您可能希望重新访问您的证书请求并确保

$error结束后包含什么?

$cert变量是否返回正确的证书?@bentek Yes。但是,当我键入$cert.privatekey时,没有显示任何内容。您是如何重新编码并验证脚本是否为UTF8的?尝试过:“C:\Scripts\Certtestnew.ps1”|输出文件“C:\Scripts\Certtestnew2.ps1”-编码UTF8并尝试过:$psISE.CurrentFile.Save([Text.encoding]::UTF8)。通过在记事本++中打开来验证文件是否为UTF-8。在发卡行上,DC=domoain——这是一个打字错误吗?我知道这个老问题,但我目前遇到了相同的问题,$error对此一无所知