PowerShell Logo Small

Set-AuthenticodeSignature



This is the built-in help made by Microsoft for the command 'Set-AuthenticodeSignature', in PowerShell version 2 - as retrieved from Windows version 'Microsoft® Windows Vista™ Ultimate ' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Adds an Authenticode signature to a Windows PowerShell script or other file.

SYNTAX


Set-AuthenticodeSignature [-FilePath] <string[]> [-Certificate] <X509Certificate2> [-Force] [-HashAlgorithm <string>] [-IncludeChain <string>] [-
TimestampServer <string>] [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-AuthenticodeSignature cmdlet adds an Authenticode signature to any file that supports Subject Interface Package (SIP).

In a Windows PowerShell script file, the signature takes the form of a block of text that indicates the end of the instructions that are executed
in the script. If there is a signature in the file when this cmdlet runs, that signature is removed.



<

RELATED LINKS

Online version: http://go.microsoft.com/fwlink/?LinkID=113391
about_Signing
about_Execution_Policies
Get-AuthenticodeSignature
Get-PfxCertificate
Get-ExecutionPolicy
Set-ExecutionPolicy

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

C:\PS>$cert=Get-ChildItem -Path cert:\CurrentUser\my -CodeSigningCert

C:\PS>Set-AuthenticodeSignature -FilePath PsTestInternet2.ps1 -certificate $cert



Description
-----------
These commands retrieve a code-signing certificate from the Windows PowerShell certificate provider and use it to sign a Windows PowerShell scrip
t.

The first command uses the Get-ChildItem cmdlet and the Windows PowerShell certificate provider to get the certificates in the Cert:\CurrentUser\
My subdirectory of the certificate store. (The Cert: drive is the drive exposed by the certificate provider.) The CodeSigningCert parameter, whic
h is supported only by the certificate provider, limits the certificates retrieved to those with code-signing authority. The command stores the r
esult in the $cert variable.

The second command uses the Set-AuthenticodeSignature cmdlet to sign the PSTestInternet2.ps1 script. It uses the FilePath parameter to specify th
e name of the script and the Certificate parameter to specify that the certificate is stored in the $cert variable.








-------------------------- EXAMPLE 2 --------------------------

C:\PS>$cert = Get-PfxCertificate C:\Test\Mysign.pfx

C:\PS>Set-AuthenticodeSignature -Filepath ServerProps.ps1 -Cert $cert



Description
-----------
These commands use the Get-PfxCertificate cmdlet to find a code signing certificate. Then, they use it to sign a Windows PowerShell script.

The first command uses the Get-PfxCertificate cmdlet to find the C:\Test\MySign.pfx certificate and store it in the $cert variable.

The second command uses Set-AuthenticodeSignature to sign the script. The FilePath parameter of Set-AuthenticodeSignature specifies the path to t
he script file being signed and the Cert parameter passes the $cert variable containing the certificate to Set-AuthenticodeSignature.

If the certificate file is password protected, Windows PowerShell prompts you for the password.








-------------------------- EXAMPLE 3 --------------------------

C:\PS>Set-AuthenticodeSignature -filepath c:\scripts\Remodel.ps1 -certificate $cert -IncludeChain All -TimeStampServer "http://timestamp.fabrikam
.com/scripts/timstamper.dll"



Description
-----------
This command adds a digital signature that includes the root authority in the trust chain, and it is signed by a third-party timestamp server.

The command uses the FilePath parameter to specify the script being signed and the Certificate parameter to specify the certificate that is saved
in the $cert variable. It uses the IncludeChain parameter to include all of the signatures in the trust chain (including the root authority). It
also uses the TimeStampServer parameter to add a timestamp to the signature. This prevents the script from failing when the certificate expires.