I can't seem to get my scripts to sign in PowerShell. I have a valid code signing cert installed on my machine and run the following commands. Any suggestions?
PS C:\Users\u00\bin> $cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]
PS C:\Users\u00\bin> $cert | fl
Subject : E=operations@contoso.com, CN=contoso , OU=Operations, O=contoso,
L=Mayberry, S=Florida, C=US
Issuer : CN=contoso Intermediate CA1, DC=contoso, DC=com
Thumbprint : XXXXXXXXXXXXXXXXXXXXX
FriendlyName : contoso
NotBefore : 7/20/2010 12:58:55 AM
NotAfter : 7/20/2011 12:58:55 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oi
ystem.Security.Cryptography.Oid...}
PS C:\Users\u00\bin> Set-AuthenticodeSignature .\testsign.ps1 -Certificate $cert
Directory: C:\Users\u00\bin
SignerCertificate Status Path
----------------- ------ ----
UnknownError testsign.ps1
PS C:\Users\u00\bin> Get-AuthenticodeSignature .\testsign.ps1
Directory: C:\Users\u00\bin
SignerCertificate Status Path
----------------- ------ ----
NotSigned testsign.ps1
Best Answer
Figured it out. The script file was created using PowerShell ISE and apparently you can't sign scripts created in PowerShell ISE or more accurately you can't sign Unicode Big Endian encoded files which is the default for ISE. There's workaround to change the default encoding as documented in link.
Originally added to question by Chad Miller. Relocated his update to an answer so this question no longer shows up as unanswered.