Signtool allows me to sign code but Set-AuthenticodeSignature says the "certificate is not suitable for code signing"

I have a self-signed code signing certificate (made with the directions from this answer) and it works fine when I use signtool.exe. But if I try to sign using PowerShell, it fails.

Signing with signtool

C:\>signtool sign /v /n "VetWeb" SetupRDPPermissions.ps1
The following certificate was selected:
    Issued to: VetWeb
    Issued by: VetWeb CA
    Expires:   Sat Dec 31 18:59:59 2039
    SHA1 hash: 84136EBF8D2603C2CD6668C955F920C6C6482EE4

Done Adding Additional Store
Successfully signed: SetupRDPPermissions.ps1

Number of files successfully Signed: 1
Number of warnings: 0

Signing in PowerShell

PS C:\> $cert = @(Get-Childitem cert:\CurrentUser\My | Where-Object -FilterScript {$_.Subject -eq 'CN=VetWeb'})[0]
PS C:\> Set-AuthenticodeSignature SetupRDPPermissions.ps1 $cert
Set-AuthenticodeSignature : Cannot sign code. The specified certificate is not suitable for code signing.
At line:1 char:26
+ Set-AuthenticodeSignature <<<<  SetupRDPPermissions.ps1 $cert
+ CategoryInfo          : InvalidArgument: (:) [Set-AuthenticodeSignature], PSArgumentException
+ FullyQualifiedErrorId : Argument,Microsoft.PowerShell.Commands.SetAuthenticodeSignatureCommand
PS C:\> $cert | format-list *
PSPath             : Microsoft.PowerShell.Security\Certificate::CurrentUser\My\84136EBF8D2603C2CD6668C955F920C6C6482EE4
PSParentPath       : Microsoft.PowerShell.Security\Certificate::CurrentUser\My
PSChildName        : 84136EBF8D2603C2CD6668C955F920C6C6482EE4
PSDrive            : cert
PSProvider         : Microsoft.PowerShell.Security\Certificate
PSIsContainer      : False
Archived           : False
Extensions         : {System.Security.Cryptography.Oid}
FriendlyName       :
IssuerName         : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter           : 12/31/2039 5:59:59 PM
NotBefore          : 6/1/2012 1:49:31 PM
HasPrivateKey      : True
PrivateKey         : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey          : System.Security.Cryptography.X509Certificates.PublicKey
RawData            : {48, 130, 1, 235...}
SerialNumber       : CF330347F35AC0B4427AFFA82DB51238
SubjectName        : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint         : 84136EBF8D2603C2CD6668C955F920C6C6482EE4
Version            : 3
Handle             : 479608336
Issuer             : CN=VetWeb CA
Subject            : CN=VetWeb

Why can I sign using signtool.exe but not PowerShell?


P.S. Running Get-Childitem cert:\CurrentUser\My -CodeSigningCert returns no results.

Original author: Scott Chamberlain | 2012-06-07
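
Added example, not part of the original question: a read-only diagnostic that lists which extensions the certificate from the question carries and whether its Enhanced Key Usage includes the Code Signing OID (1.3.6.1.5.5.7.3.3). It assumes that these fields are what the -CodeSigningCert filter and the "not suitable for code signing" error depend on; the function name Get-CodeSigningReadiness is hypothetical.

```powershell
# Added diagnostic, not from the original post. It only reads the certificate store.
$subject        = 'CN=VetWeb'           # subject taken from the question
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning (RFC 5280)
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$kuType  = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]

function Get-CodeSigningReadiness {     # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    process {
        # Every extension present, by OID, so an unexpected or missing one is visible.
        $allOids = @($Certificate.Extensions | ForEach-Object { $_.Oid.Value })

        # Enhanced Key Usage: the list of purposes the certificate declares.
        $eku = $Certificate.Extensions | Where-Object { $_ -is $ekuType }
        $ekuOids = @()
        if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

        # Key Usage: report the flags, or note that the extension is absent.
        $ku = $Certificate.Extensions | Where-Object { $_ -is $kuType }
        $keyUsage = '(no Key Usage extension)'
        if ($ku) { $keyUsage = $ku.KeyUsages.ToString() }

        New-Object PSObject -Property @{
            Thumbprint        = $Certificate.Thumbprint
            HasPrivateKey     = $Certificate.HasPrivateKey
            ExtensionOids     = ($allOids -join ', ')
            EkuPresent        = [bool]$eku
            EkuOids           = ($ekuOids -join ', ')
            HasCodeSigningEku = ($ekuOids -contains $codeSigningOid)
            KeyUsage          = $keyUsage
        }
    }
}

Get-ChildItem cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq $subject } |
    Get-CodeSigningReadiness |
    Format-List
```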