How to trust a certificate in Windows Powershell

2

9

I am using Windows 7 and want to run signed scripts from PowerShell. The security settings of PowerShell are set to "all-signed", and my scripts are signed with a valid certificate from my company. I have also added the .pfx file to my local certificate store (right-clicked the .pfx file and installed it).

However, when I start a signed script, I get a message that says:

"Do you want to run software from this untrusted publisher?
File Z:\Powershell Signed Scripts\signed.ps1 is published by CN=[MyCompanyName] and is not trusted on your system. Only run scripts from trusted publishers.
[V] Never run  [D] Do not run  [R] Run once  [A] Always run  [?] Help
(default is "D"):"

Since I want to automatically call these scripts on my systems, I would like to add my imported certificate to the trusted list on my system, so that I do not get a message anymore when I run a signed script for the first time. How can I make my certificate a trusted one?

Jamarjamb answered 11/1, 2012 at 6:37 Comment(1)
Are you sure that the public certificate of the certification authority that emitted your development certificate exists in your certificate repository? – Anemograph
11


Indeed, you can do this without any mmc :)

First, check the location of your personal certificate, named for example "Power":

Get-ChildItem -Recurse cert:\CurrentUser\ | where {$_ -Match "Power"} | Select PSParentPath,Subject,Issuer,HasPrivateKey | ft -AutoSize

(This one should be empty:)

gci cert:\CurrentUser\TrustedPublisher

Build the command with the path to your certificate:

$cert = Get-ChildItem Certificate::CurrentUser\My\ABLALAH

Next, work on the certificate store (here I work on two certificate stores: user & computer):

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher","LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()

Check; you should find your certificate:

ls cert:\CurrentUser\TrustedPublisher
Octonary answered 8/1, 2014 at 16:43 Comment(2)
In your example to store the certificate, you are using "TrustedPublisher","LocalMachine", which is only accessible with Administrator privileges. In the next lines you are referring to CurrentUser\TrustedPublisher, which is accessible by users. Thus I would suggest changing "LocalMachine" to "CurrentUser" so that it becomes a full working example. – Contracted
That ls command!!! Yes!!! So glad you showed that in your answer. Super helpful. 👍🏽 – Cuisine
2

Sounds like you need to verify that the script is signed properly and that you have the correct certificate installed in the correct certificate store.

Use the Get-AuthenticodeSignature cmdlet to get information about the signed script.

Also review Scott's guide for signing certificates.

Shontashoo answered 11/1, 2012 at 14:26 Comment(1)
The certificate should be specifically put in the Trusted Publishers container – Tamberg
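
The steps from both answers combined, as an added example that is not part of the original posts: it reads the signer with Get-AuthenticodeSignature, compares it with a thumbprint you confirmed separately, and adds only the public certificate to Trusted Publishers. The function name, its parameters and the thumbprint placeholder are assumptions made for this example.

```powershell
# Added example, not code from the answers above.
# Hypothetical names: Add-TrustedPublisherFromScript, -ExpectedThumbprint.
function Add-TrustedPublisherFromScript {
    param(
        [Parameter(Mandatory = $true)][string]$ScriptPath,
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint,
        [string]$StoreLocation = 'CurrentUser'   # 'LocalMachine' needs an elevated session
    )

    # 1. Read the Authenticode signature embedded in the script.
    #    Anything other than Valid (NotSigned, HashMismatch, UnknownError, ...) is refused.
    $sig = Get-AuthenticodeSignature -FilePath $ScriptPath
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to trust signer of '$ScriptPath': $($sig.Status) - $($sig.StatusMessage)"
    }

    # 2. Pin the signer: trust only the certificate whose thumbprint was confirmed out of band.
    $signer   = $sig.SignerCertificate
    $expected = ($ExpectedThumbprint -replace '\s', '').ToUpper()
    if ($signer.Thumbprint -ne $expected) {
        throw "Signer thumbprint $($signer.Thumbprint) does not match expected $expected"
    }

    # 3. Add the certificate taken from the signature. It carries no private key,
    #    and Trusted Publishers needs only the public certificate.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'TrustedPublisher', $StoreLocation
    $store.Open('ReadWrite')
    try {
        $present = $store.Certificates | Where-Object { $_.Thumbprint -eq $signer.Thumbprint }
        if (-not $present) { $store.Add($signer) }
    }
    finally {
        $store.Close()
    }

    # 4. Confirm the entry landed in the same store location that was written to.
    Get-ChildItem "cert:\$StoreLocation\TrustedPublisher" |
        Where-Object { $_.Thumbprint -eq $signer.Thumbprint } |
        Select-Object Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey
}

# Usage (the thumbprint is a placeholder):
# Add-TrustedPublisherFromScript -ScriptPath 'Z:\Powershell Signed Scripts\signed.ps1' -ExpectedThumbprint '<THUMBPRINT>'
```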
