|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
09-14-2009
| #1 (permalink) |
| | self created root certificate still not trusted Hi, i used the latest makecert (ship with vsts 2008) to create a self signed root certificate, and added it into my root certificate store makecert -n "CN=My Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk -ss Root root.cer then i used the following command to create a certificate for my powershell script, and added it into my personal store makecert -pe -n "CN=My Cer" -ss My -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv ..\root.pvk -ic .\root.cer then i signed my script with the following command Set-AuthenticodeSignature .\profile.ps1 @(ls cert:\CurrentUser\my -CodeSigningCert)[0] my script execution policy is set the 'allsigned', and whenever i ran my powershell script, i am prompted with the following question Do you want to run software from this untrusted publisher? File ...\WindowsPowerShell\profile.ps1 is published by CN=My Cer and is not trusted on your system. Only run scripts from trusted publishers. [V] Never run [D] Do not run [R] Run once [A] Always run [?] Help (default is "D"): using the certmgr.msc, i see my self-signed certificate is in the 'Trusted Root Certification Authorities' folder. why the certificate i used to sign my script is still not trusted? should i sign my script using the self-signed certificate directly? |
My System Specs |
|
09-15-2009
| #2 (permalink) |
| | Re: self created root certificate still not trusted you need add yor signing certificate to Trusted Publishers container in certmgr.msc. If you have Windows Server 2008, why you use makecert.exe? Instead you should create your corporate CA. -- WBR, Vadims Podans MVP: PowerShell PowerShell blog - www.sysadmins.lv <davidshen84@newsgroup> rakstija zinojuma "news:72dc0287-1e02-43fa-89c3-15b673690ef0@newsgroup"... Quote: > Hi, > > i used the latest makecert (ship with vsts 2008) to create a self > signed root certificate, and added it into my root certificate store > > makecert -n "CN=My Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv > root.pvk -ss Root root.cer > > then i used the following command to create a certificate for my > powershell script, and added it into my personal store > > makecert -pe -n "CN=My Cer" -ss My -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv > .\root.pvk -ic .\root.cer > > then i signed my script with the following command > > Set-AuthenticodeSignature .\profile.ps1 @(ls cert:\CurrentUser\my > -CodeSigningCert)[0] > > my script execution policy is set the 'allsigned', and whenever i ran > my powershell script, i am prompted with the following question > > Do you want to run software from this untrusted publisher? > File ...\WindowsPowerShell\profile.ps1 is published by CN=My Cer and > is not trusted on your > system. Only run scripts from trusted publishers. > [V] Never run [D] Do not run [R] Run once [A] Always run [?] Help > (default is "D"): > > using the certmgr.msc, i see my self-signed certificate is in the > 'Trusted Root Certification Authorities' folder. why the certificate i > used to sign my script is still not trusted? should i sign my script > using the self-signed certificate directly? |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Microsoft`s Silent Trusted Root Authority update is Invalid? | Vista News | |||
| Trusted Root Certification Authorities | Vista networking & sharing | |||
| Adding certificate to trusted root authority | Vista security | |||
| Trusted CA dissapearing from certificate store | Vista security | |||
