PowerShell Logo Small

Set-AuthenticodeSignature



This is the built-in help made by Microsoft for the command 'Set-AuthenticodeSignature', in PowerShell version 4 - as retrieved from Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Adds an Authenticode signature to a Windows PowerShell script or other file.

SYNTAX


Set-AuthenticodeSignature [-FilePath] <String[]> [-Certificate] <X509Certificate2> [-Force] [-HashAlgorithm <String>] [-IncludeChain <String>] [-TimestampServer <Stri
ng>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-AuthenticodeSignature [-Certificate] <X509Certificate2> [-Force] [-HashAlgorithm <String>] [-IncludeChain <String>] [-TimestampServer <String>] -LiteralPath <Stri
ng[]> [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-AuthenticodeSignature cmdlet adds an Authenticode signature to any file that supports Subject Interface Package (SIP).


In a Windows PowerShell script file, the signature takes the form of a block of text that indicates the end of the instructions that are executed in the script. If th
ere is a signature in the file when this cmdlet runs, that signature is removed.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=293940
Get-AuthenticodeSignature
Get-ExecutionPolicy
Get-PfxCertificate
Set-ExecutionPolicy
about_Execution_Policies
about_Signing

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>$cert=Get-ChildItem -Path cert:\CurrentUser\my -CodeSigningCert
PS C:\>Set-AuthenticodeSignature -FilePath PsTestInternet2.ps1 -certificate $cert



These commands retrieve a code-signing certificate from the Windows PowerShell certificate provider and use it to sign a Windows PowerShell script.

The first command uses the Get-ChildItem cmdlet and the Windows PowerShell certificate provider to get the certificates in the Cert:\CurrentUser\My subdirectory of th
e certificate store. (The Cert: drive is the drive exposed by the certificate provider.) The CodeSigningCert parameter, which is supported only by the certificate pro
vider, limits the certificates retrieved to those with code-signing authority. The command stores the result in the $cert variable.

The second command uses the Set-AuthenticodeSignature cmdlet to sign the PSTestInternet2.ps1 script. It uses the FilePath parameter to specify the name of the script
and the Certificate parameter to specify that the certificate is stored in the $cert variable.








-------------------------- EXAMPLE 2 --------------------------

PS C:\>$cert = Get-PfxCertificate C:\Test\Mysign.pfx
PS C:\>Set-AuthenticodeSignature -Filepath ServerProps.ps1 -Cert $cert



These commands use the Get-PfxCertificate cmdlet to find a code signing certificate. Then, they use it to sign a Windows PowerShell script.

The first command uses the Get-PfxCertificate cmdlet to find the C:\Test\MySign.pfx certificate and store it in the $cert variable.

The second command uses Set-AuthenticodeSignature to sign the script. The FilePath parameter of Set-AuthenticodeSignature specifies the path to the script file being
signed and the Cert parameter passes the $cert variable containing the certificate to Set-AuthenticodeSignature.

If the certificate file is password protected, Windows PowerShell prompts you for the password.








-------------------------- EXAMPLE 3 --------------------------

PS C:\>Set-AuthenticodeSignature -filepath c:\scripts\Remodel.ps1 -certificate $cert -IncludeChain All -TimeStampServer "http://timestamp.fabrikam.com/scripts/timstam
per.dll"



This command adds a digital signature that includes the root authority in the trust chain, and it is signed by a third-party timestamp server.

The command uses the FilePath parameter to specify the script being signed and the Certificate parameter to specify the certificate that is saved in the $cert variabl
e. It uses the IncludeChain parameter to include all of the signatures in the trust chain (including the root authority). It also uses the TimeStampServer parameter t
o add a timestamp to the signature. This prevents the script from failing when the certificate expires.