2015-11-04 66 views
0

我從我們的可信CA獲得了代碼簽名證書。我試圖在PowerShell ISE中籤署一個腳本,但得到「UnknownError」。我曾嘗試將腳本編碼爲UTF-8,但我仍然收到相同的錯誤。我已經驗證腳本是UTF-8。通過Set-AuthenticodeSignature對powershell腳本進行簽名時出現UnknownError

$cert=(dir cert:currentuser\my\ -CodeSigningCert) 
Set-AuthenticodeSignature C:\Scripts\Certtestnew.ps1 $cert 

即使我得到「UnknownError」,它仍然似乎簽署腳本。雖然,當我運行腳本時,我收到「文件C:\ Scripts \ Certtestnew.ps1的內容可能已被篡改,因爲 文件的散列與存儲在數字簽名中的散列不匹配。」

UPDATE $證書信息:

PSPath : Microsoft.PowerShell.Security\Certificate::currentuser\my\FDCD31216C3491C2809441344EE6EF5E01EB0550 
PSParentPath : Microsoft.PowerShell.Security\Certificate::currentuser\my 
PSChildName : FDCD31216C3491C2809441344EE6EF5E01EB0550 
PSDrive : Cert 
PSProvider : Microsoft.PowerShell.Security\Certificate 
PSIsContainer : False 
EnhancedKeyUsageList : {} 
DnsNameList : {} 
SendAsTrustedIssuer : False 
Archived : False 
Extensions : {System.Security.Cryptography.Oid,System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...;} 
FriendlyName : 
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName 
NotAfter : 10/29/2016 4:05:37 PM 
NotBefore : 10/29/2015 3:45:37 PM 
HasPrivateKey : True 
PrivateKey : 
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey 
RawData : {48, 130, 5, 225...;} 
SerialNumber : 60A14A915A0FAFA12311B0998F5892C9 
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName 
SignatureAlgorithm : System.Security.Cryptography.Oid 
Thumbprint : FDCD31216C3491C2809441344EE6EF5E01EB0550 
Version : 3 
Handle : 578311520 
Issuer : CN=USER OU=Admin, OU=Admin and Service Accounts, DC=domoain 
Subject : CN=USER, OU=Admin, OU=Admin and Service Accounts, DC=domain 
+0

$ cert變量是否返回正確的證書? – bentek

+0

@bentek是的。但是,當我鍵入$ cert.privatekey時,什麼也沒有顯示。 – user3711442

+0

你是如何重新編碼和驗證腳本是UTF8的? – bentek

回答

0

我剛剛看了一下我的域代碼簽名證書,並具有PrivateKey財產所有權以及Code Signing下其EnhancedKeyUsageList屬性中列出:

PSPath     : Microsoft.PowerShell.Security\Certificate::CurrentUser\My\XXX 
PSParentPath    : Microsoft.PowerShell.Security\Certificate::CurrentUser\My 
PSChildName    : XXX 
PSDrive     : Cert 
PSProvider    : Microsoft.PowerShell.Security\Certificate 
PSIsContainer   : False 
EnhancedKeyUsageList  : {Code Signing (1.3.6.1.5.5.7.3.3)} 
DnsNameList    : {XXX} 
SendAsTrustedIssuer  : False 
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty 
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty 
PolicyId     : 
Archived     : False 
Extensions    : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, 
          System.Security.Cryptography.Oid...} 
FriendlyName    : XXX 
IssuerName    : System.Security.Cryptography.X509Certificates.X500DistinguishedName 
NotAfter     : XXX 
NotBefore    : XXX 
HasPrivateKey   : True 
PrivateKey    : System.Security.Cryptography.RSACryptoServiceProvider 
PublicKey    : System.Security.Cryptography.X509Certificates.PublicKey 
RawData     : XXX 
SerialNumber    : XXX 
SubjectName    : System.Security.Cryptography.X509Certificates.X500DistinguishedName 
SignatureAlgorithm  : System.Security.Cryptography.Oid 
Thumbprint    : XXX 
Version     : 3 
Handle     : XXX 
Issuer     : XXX 
Subject     : XXX 

這會導致我查詢您的證書是否適用於代碼簽名。您可能想重新訪問您的證書請求並確保。

$ error包含後會有什麼變化?