There is most likely a facet of script signing that I do not understand, but I am having an issue with signing a basic PS script for testing.
I have a valid MS enterprise Code Signing cert located in the Trusted Publishers Folder that expires in Oct of 2020. (I have obfuscated certain elements).
Get-ChildItem Cert:\CurrentUser\TrustedPublisher XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX CN=Brian Clanton, OU=XXX, DC=XXXXX, DC=local
I have attempted to sign my script, referencing it via thumbprint and it indicates that the script is not suitable.
S
Set-AuthenticodeSignature C:\Utility\TPScript\BCLoginTest.ps1 @(Get-ChildItem Cert:\CurrentUser\TrustedPublisher\XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX[0] Set-AuthenticodeSignature : Cannot sign code. The specified certificate is not suitable for code signing. At line:1 char:1 + Set-AuthenticodeSignature C:\Utility\TPScript\BCLoginTest.ps1 @(Get-C ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Set-AuthenticodeSignature], PSArgumentException + FullyQualifiedErrorId : Argument,Microsoft.PowerShell.Commands.SetAuthenticodeSignatureCommand
Most of the examples I see is for Self Signed Certs where they are referencing the Personal Cert folder, so I think I may be missing a step in the preparation of the Cert?
Does anyone see my error?