Hi all. I am currently looking for a way to sign my code.
I have a prototype with 3 servers (DC, CA, and a normal server) and I followed this guide.
Everything is working fine except when I try to sign with another account, user1 (with administrator rights); it is also a member of the codesigning group I created for the certificate.
I tried two options:
# First certificate in the current user's Trusted Publishers store
$cert = @(Get-ChildItem -Path Cert:\CurrentUser\TrustedPublisher)[0]
Set-AuthenticodeSignature C:\users\username\Documents\Script.ps1 -Certificate $cert
and
# First certificate in the current user's Personal store
$cert = @(Get-ChildItem -Path Cert:\CurrentUser\My)[0]
Set-AuthenticodeSignature C:\users\username\Documents\Script.ps1 -Certificate $cert
Here I manually copied the certificate from TrustedPublisher to the Personal folder.
With both I get the error: Cannot sign code. The specified certificate is not suitable for code signing.
When I sign a script as administrator (the account that requested the certificate) I get no problem.
Can someone help me figure out what is going on?
Edit: I continued testing with the certificate.
It helped to export the certificate with the private key and import it in the Group Policy.
But now with any account I am getting the message Unknown error when signing a script.
Does anyone have an idea about that?
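
A diagnostic for the two errors quoted in the post, added here as an example and not part of the original post: for each certificate in a store it reports whether a private key is present, whether the EKU lists Code Signing, and whether a chain builds, then signs with the first usable certificate and prints the signature's Status and StatusMessage. The store and script paths are the ones from the post; the function name Test-CodeSigningCandidate is hypothetical.

```powershell
# Added example. Paths below are taken from the post; adjust as needed.
$storePath      = 'Cert:\CurrentUser\My'
$scriptPath     = 'C:\users\username\Documents\Script.ps1'
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing enhanced key usage

function Test-CodeSigningCandidate {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the OIDs listed in the Enhanced Key Usage extension, if any.
    $ekuOids = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain so trust problems (untrusted root, revocation) show up.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($Cert)
    $now     = Get-Date

    [pscustomobject]@{
        Subject        = $Cert.Subject
        Thumbprint     = $Cert.Thumbprint
        HasPrivateKey  = $Cert.HasPrivateKey   # a copy holding only the public part reports False
        HasCodeSignEku = $ekuOids -contains $codeSigningOid
        InValidity     = ($Cert.NotBefore -le $now) -and ($Cert.NotAfter -ge $now)
        ChainBuilds    = $chainOk
        ChainStatus    = (@($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
        Certificate    = $Cert
    }
}

# Report on every certificate in the store for the account running this.
$report = @(Get-ChildItem -Path $storePath | ForEach-Object { Test-CodeSigningCandidate $_ })
$report | Format-List Subject, Thumbprint, HasPrivateKey, HasCodeSignEku, InValidity, ChainBuilds, ChainStatus

# Sign with the first certificate that passes the basic checks and show the result.
$usable = $report |
    Where-Object { $_.HasPrivateKey -and $_.HasCodeSignEku -and $_.InValidity } |
    Select-Object -First 1

if ($usable) {
    $sig = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $usable.Certificate
    $sig | Format-List Status, StatusMessage, Path
} else {
    Write-Warning "No certificate in $storePath has both a private key and the Code Signing EKU."
}
```

Run it once as the account that requested the certificate and once as user1, and compare the HasPrivateKey and ChainBuilds columns between the two.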