Read certificate info from signed executable?

Is there any way in PowerShell (or a CLI tool that I can call from PowerShell) to read the certificate information from a signed executable (or script)? I’m looking for a scripted way to collect publisher information from files for use in AppLocker policies and my Google-foo is only finding articles about signing things or reading certificates from the central store.

Really? :wink:

Powershell get executable signature

Wow. Just wow.

I already said that I had searched for the answer, yet you give me a LMGTFY link. Nice.

I also already found Get-AuthenticodeSignature (which I didn’t say above, so, my bad), but it doesn’t seem to return much of use. The Get-Help information (including -Online) doesn’t say anything about accessing more than the signature thumbprint.

Your smart-alecky link, however, did show an MSDN blog post that had an example with this:

$(Get-AuthenticodeSignature myfile.exe).SignerCertificate.Subject

This is what I needed … looking at the properties of the Certificate object that’s returned by Get-AuthenticodeSignature. So, thanks for the info, but your delivery could use some work.

thanks for the info, but your delivery could use some work.
I was not supposed to spoil you. I just wanted to push you to the right direction. ;-) :-D ... and it worked out perfectly. Great.