Signing Scripts

There is most likely a facet of script signing that I do not understand, but I am having an issue with signing a basic PS script for testing.

I have a valid MS enterprise Code Signing cert located in the Trusted Publishers Folder that expires in Oct of 2020. (I have obfuscated certain elements).

Get-ChildItem Cert:\CurrentUser\TrustedPublisher

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  CN=Brian Clanton, OU=XXX, DC=XXXXX, DC=local

 

I have attempted to sign my script, referencing it via thumbprint and it indicates that the script is not suitable.

 

Set-AuthenticodeSignature C:\Utility\TPScript\BCLoginTest.ps1 @(Get-ChildItem Cert:\CurrentUser\TrustedPublisher\XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)[0]

Set-AuthenticodeSignature : Cannot sign code. The specified certificate is not suitable for code signing.
At line:1 char:1
+ Set-AuthenticodeSignature C:\Utility\TPScript\BCLoginTest.ps1 @(Get-C ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-AuthenticodeSignature], PSArgumentException
+ FullyQualifiedErrorId : Argument,Microsoft.PowerShell.Commands.SetAuthenticodeSignatureCommand

Most of the examples I see are for Self Signed Certs where they are referencing the Personal Cert folder, so I think I may be missing a step in the preparation of the Cert?

Does anyone see my error?

Hi Brian,

See if this discussion helps.

https://powershell.org/forums/topic/cannot-add-digital-signature-to-my-script/
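
An added diagnostic, not part of either post above: Set-AuthenticodeSignature needs a certificate that has an accessible private key and lists the Code Signing enhanced key usage, so this reports both properties for the same thumbprint in the Trusted Publishers and Personal stores. The function name Test-CodeSigningCert and the thumbprint placeholder are assumptions made for this example.

```powershell
# Added example: report the properties that decide whether a certificate can sign code.
# Test-CodeSigningCert is a hypothetical helper name, not a built-in cmdlet.
function Test-CodeSigningCert {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $codeSigningOid = '1.3.6.1.5.5.7.3.3'   # OID of the Code Signing EKU
        $ekuOids = @()
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }
        $now = Get-Date
        [pscustomobject]@{
            Thumbprint        = $Certificate.Thumbprint
            Subject           = $Certificate.Subject
            # False when only the public certificate was imported into the store
            HasPrivateKey     = $Certificate.HasPrivateKey
            # True only when the EKU extension explicitly lists Code Signing
            HasCodeSigningEku = $ekuOids -contains $codeSigningOid
            WithinValidity    = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
        }
    }
}

# Placeholder: replace with the thumbprint of the certificate being tested.
$thumbprint = '<CERT-THUMBPRINT>'

# Check the same certificate in both stores and show which copy can sign.
foreach ($store in 'Cert:\CurrentUser\TrustedPublisher', 'Cert:\CurrentUser\My') {
    Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $thumbprint } |
        Test-CodeSigningCert |
        Select-Object @{ Name = 'Store'; Expression = { $store } }, *
}

# Certificates in the Personal store that carry the Code Signing EKU.
Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert
```

A row with HasPrivateKey or HasCodeSigningEku set to False identifies a copy of the certificate that Set-AuthenticodeSignature will reject.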