通过Set-Authenticode签名对powershell脚本进行签名时出现未知错误
我已从受信任的CA获得代码签名证书。我正在尝试在PowerShell ISE中对脚本进行签名,但收到“UnknownError”。我已尝试将脚本编码为UTF-8,但仍收到相同的错误。我已经验证了脚本也是UTF-8通过Set-Authenticode签名对powershell脚本进行签名时出现未知错误,powershell,certificate,powershell-3.0,Powershell,Certificate,Powershell 3.0,我已从受信任的CA获得代码签名证书。我正在尝试在PowerShell ISE中对脚本进行签名,但收到“UnknownError”。我已尝试将脚本编码为UTF-8,但仍收到相同的错误。我已经验证了脚本也是UTF-8 $cert=(dir cert:currentuser\my\ -CodeSigningCert) Set-AuthenticodeSignature C:\Scripts\Certtestnew.ps1 $cert 尽管我得到了“UnknownError”,但它似乎仍然在脚本上签名
$cert=(dir cert:currentuser\my\ -CodeSigningCert)
Set-AuthenticodeSignature C:\Scripts\Certtestnew.ps1 $cert
尽管我得到了“UnknownError”,但它似乎仍然在脚本上签名。虽然,当我运行脚本时,我收到“C:\Scripts\Certtestnew.ps1文件的内容可能已被篡改,因为
文件与数字签名中存储的哈希不匹配。“
更新$cert信息:
PSPath : Microsoft.PowerShell.Security\Certificate::currentuser\my\FDCD31216C3491C2809441344EE6EF5E01EB0550
PSParentPath : Microsoft.PowerShell.Security\Certificate::currentuser\my
PSChildName : FDCD31216C3491C2809441344EE6EF5E01EB0550
PSDrive : Cert
PSProvider : Microsoft.PowerShell.Security\Certificate
PSIsContainer : False
EnhancedKeyUsageList : {}
DnsNameList : {}
SendAsTrustedIssuer : False
Archived : False
Extensions : {System.Security.Cryptography.Oid,System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...;}
FriendlyName :
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 10/29/2016 4:05:37 PM
NotBefore : 10/29/2015 3:45:37 PM
HasPrivateKey : True
PrivateKey :
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 225...;}
SerialNumber : 60A14A915A0FAFA12311B0998F5892C9
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : FDCD31216C3491C2809441344EE6EF5E01EB0550
Version : 3
Handle : 578311520
Issuer : CN=USER OU=Admin, OU=Admin and Service Accounts, DC=domoain
Subject : CN=USER, OU=Admin, OU=Admin and Service Accounts, DC=domain
我刚刚看了一下我的域代码签名证书,它有
PrivateKey
属性以及code签名
列在其EnhancedKeyUsageList
属性下:
PSPath : Microsoft.PowerShell.Security\Certificate::CurrentUser\My\XXX
PSParentPath : Microsoft.PowerShell.Security\Certificate::CurrentUser\My
PSChildName : XXX
PSDrive : Cert
PSProvider : Microsoft.PowerShell.Security\Certificate
PSIsContainer : False
EnhancedKeyUsageList : {Code Signing (1.3.6.1.5.5.7.3.3)}
DnsNameList : {XXX}
SendAsTrustedIssuer : False
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
PolicyId :
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}
FriendlyName : XXX
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : XXX
NotBefore : XXX
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : XXX
SerialNumber : XXX
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : XXX
Version : 3
Handle : XXX
Issuer : XXX
Subject : XXX
这使我怀疑您的证书是否对代码签名有效。您可能希望重新访问您的证书请求并确保
$error结束后包含什么?$cert变量是否返回正确的证书?@bentek Yes。但是,当我键入$cert.privatekey时,没有显示任何内容。您是如何重新编码并验证脚本是否为UTF8的?尝试过:“C:\Scripts\Certtestnew.ps1”|输出文件“C:\Scripts\Certtestnew2.ps1”-编码UTF8并尝试过:$psISE.CurrentFile.Save([Text.encoding]::UTF8)。通过在记事本++中打开来验证文件是否为UTF-8。在发卡行上,DC=domoain——这是一个打字错误吗?我知道这个老问题,但我目前遇到了相同的问题,$error对此一无所知