Cannot sign Code

Hi all. I am currently trying to find a way to sign my code.

I have a prototype with 3 servers (DC, CA, and a normal server) and I followed this guide.

Everything is working fine except when I try to sign with another account, user1 (with administrator rights), which is also a member of the code signing group I created for the certificate.

I tried two options:

# Take the first certificate in the current user's TrustedPublisher store
$cert = @(Get-ChildItem -Path Cert:\CurrentUser\TrustedPublisher)[0]

Set-AuthenticodeSignature C:\users\username\Documents\Script.ps1 -Certificate $cert

and

# Take the first certificate in the current user's Personal (My) store
$cert = @(Get-ChildItem -Path Cert:\CurrentUser\My)[0]

Set-AuthenticodeSignature C:\users\username\Documents\Script.ps1 -Certificate $cert

Here I manually copied the certificate from TrustedPublisher to the Personal folder.

With both I get the error: Cannot sign code. The specified certificate is not suitable for code signing.

When I sign a script as administrator (the account that requested the certificate) I get no problem.

Can someone help me out with what is going on?


Edit: I continued testing with the certificate.

It helped to export the certificate with the private key and import it via group policy.

But now with any account I am getting the message Unknown error when signing a script.

Does anyone have an idea about that?
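Both snippets in the post take element [0] of a certificate store, which picks an arbitrary certificate rather than one Set-AuthenticodeSignature will accept: the cmdlet needs a certificate that carries the Code Signing EKU (1.3.6.1.5.5.7.3.3) and whose private key is accessible to the signing account, and the TrustedPublisher store only holds public certificates used to trust other people's signatures. The following is an added example, not code from the original post, that selects a usable certificate explicitly, prints why each certificate in the Personal store is or is not usable, checks whether the machine can build a trusted chain for it, and verifies the resulting signature. The script path is a placeholder copied from the post; everything else uses only documented cmdlets and X509Certificate2 members.

```powershell
# Added example, not from the original post. Placeholder path as used in the post.
$ScriptPath = 'C:\users\username\Documents\Script.ps1'

# Show every certificate in the current user's Personal store with the two properties
# Set-AuthenticodeSignature cares about, so the "not suitable" error is explainable.
Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    [pscustomobject]@{
        Subject        = $_.Subject
        Thumbprint     = $_.Thumbprint
        HasPrivateKey  = $_.HasPrivateKey
        CodeSigningEKU = ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.3')
        NotAfter       = $_.NotAfter
        ChainTrusted   = $_.Verify()   # false if the issuing CA chain is not trusted on this machine
    }
} | Format-Table -AutoSize

# -CodeSigningCert filters on the Code Signing EKU and on the presence of a private key,
# which is exactly the filter the cmdlet applies before refusing a certificate.
$candidates = @(Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert)
if ($candidates.Count -eq 0) {
    throw "No certificate with the Code Signing EKU and a private key in Cert:\CurrentUser\My for $env:USERNAME."
}

# If several match, take the one that expires last, and say which one was chosen.
$cert = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
"Signing with $($cert.Subject) ($($cert.Thumbprint))"

# A signature made with a certificate whose chain is not trusted here will not verify as Valid,
# so flag that before signing rather than after.
if (-not $cert.Verify()) {
    Write-Warning "The chain for $($cert.Thumbprint) does not verify on this machine; the signature will not show as Valid until the issuing CA is trusted here."
}

# Sign and inspect the returned Signature object instead of assuming success.
$sig = Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert -HashAlgorithm SHA256
if ($sig.Status -ne 'Valid') {
    throw "Signing did not produce a valid signature: $($sig.Status) - $($sig.StatusMessage)"
}

# Re-read the signature from disk to confirm what other machines will see.
Get-AuthenticodeSignature -FilePath $ScriptPath |
    Select-Object Status, StatusMessage, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
```

Run this as the account that is failing to sign (user1), not as the administrator: the Cert:\CurrentUser\My store is per user, so a certificate requested by the administrator is not in user1's store unless it was exported with its private key and imported there, and a certificate imported without its private key shows HasPrivateKey as False and is rejected. Set-AuthenticodeSignature also accepts -TimestampServer with a timestamping URL from the issuing CA, which keeps the signature valid after the certificate expires.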