Nowadays you need to sign even PowerShell scripts.
If you have a bunch of them, you may need a PowerShell script to sign all your PowerShell scripts. :-)
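# Bulk-sign PowerShell scripts: for every .ps1 in $scriptFolder, write a
# "<name>_signed.ps1" copy next to it and apply an Authenticode signature to
# that copy. The original files are left untouched.
# NOTE(review): a signature vouches for whatever is in the file at signing
# time, so point this only at a folder whose scripts have been reviewed.

# Define the path to the self-signed certificate
# NOTE(review): the PFX contains the private key. A folder such as C:\temp is
# commonly readable by other local users; keep the file where only the signing
# account can read it (or use a certificate from the certificate store).
$certificatePath = "C:\temp\Code Signing Cert.pfx"

# Define the folder path containing the PowerShell scripts
$scriptFolder = "C:\PS1"

# Prompt for the certificate password (kept as a SecureString, never echoed)
$certificatePassword = Read-Host -Prompt "Enter the password for the certificate" -AsSecureString

# Get the certificate object.
# A constructor failure (wrong password, missing file) does not stop a script
# by default, which would leave $certificate empty and produce unsigned
# "_signed" copies further down. Stop here instead.
try {
    $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificatePath, $certificatePassword)
}
catch {
    throw "Could not load the certificate from '$certificatePath': $($_.Exception.Message)"
}
if (-not $certificate.HasPrivateKey) {
    throw "The certificate in '$certificatePath' has no private key and cannot be used for signing."
}

# Get all .ps1 files in the script folder.
# -Filter may also match longer extensions that start with ".ps1" (for example
# ".ps1xml") on Windows, so the extension is checked again explicitly.
$scriptFiles = Get-ChildItem -Path $scriptFolder -Filter "*.ps1" -File |
    Where-Object { $_.Extension -eq ".ps1" }

# Loop through each script file and sign it
foreach ($scriptFile in $scriptFiles) {
    # Skip files that already contain "signed" in their name.
    # NOTE(review): this also skips names such as "unsigned.ps1" or
    # "designed.ps1"; tighten to a "_signed" suffix check if that matters.
    if ($scriptFile.Name -notlike "*signed*") {
        # Build the new name from base name + extension so that only the
        # trailing extension is touched, regardless of its letter case.
        $newFileName = $scriptFile.BaseName + "_signed" + $scriptFile.Extension
        $newFilePath = Join-Path -Path $scriptFile.Directory.FullName -ChildPath $newFileName
        $copyCreated = $false

        try {
            # Create the copy that will carry the signature
            Copy-Item -LiteralPath $scriptFile.FullName -Destination $newFilePath -ErrorAction Stop
            $copyCreated = $true

            # Sign the copy. SHA256 is requested explicitly because older
            # PowerShell versions default to SHA1. The timestamp lets the
            # signature be validated after the certificate has expired.
            $signature = Set-AuthenticodeSignature -FilePath $newFilePath -Certificate $certificate -HashAlgorithm SHA256 -TimestampServer "http://timestamp.digicert.com" -ErrorAction Stop

            Write-Host "Signed file created & signed: $newFileName"

            # The cmdlet can return without throwing while the signature does
            # not validate on this machine (e.g. the self-signed certificate is
            # not trusted here). Report it rather than claiming success silently.
            if ($signature.Status -ne "Valid") {
                Write-Warning "Signature status for $newFileName is '$($signature.Status)': $($signature.StatusMessage)"
            }
        }
        catch {
            Write-Host "Failed to sign file: $newFileName"
            Write-Host "Error: $($_.Exception.Message)"

            # Do not leave an unsigned file behind under a "_signed" name.
            if ($copyCreated -and (Test-Path -LiteralPath $newFilePath)) {
                Remove-Item -LiteralPath $newFilePath -Force -ErrorAction SilentlyContinue
            }
        }
    }
    else {
        Write-Host "File $($scriptFile.Name) already contains 'signed' in its name. Skipping..."
    }
}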