.NET Framework - "get-help about_signing" comment

Asked By Alexander Suhovey on 02-Feb-07 11:10 PM
Hello everyone.

I've searched this NG but didn't find this issue mentioned so I thought it'd
be good idea to let you know.

I've just installed PSH 1.0 for Vista x86 and while I was going through
initial script execution policy config and script signing process, I've
noticed that there appears to be an error/gaps in related documentation.
Following is a quote from "get-help about_signing":

====================================
To use MakeCert to create a certificate:

In an SDK Command Prompt window, run the following commands.

The first command creates a local certificate authority for your computer.
The second command generates a personal certificate from the certificate
authority:

makecert -n "CN=PowerShell Local Certificate Root" -a sha1 `
-eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer `
-ss Root -sr localMachine

makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 `
-eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
====================================


The problem is, since "SDK Command Prompt window" is a cmd.exe window,
correct line continuation character would be "^", not "`", which seems to be
the line continuation character for PSH.

Also, it fails to mention that to successfully execute first command (that
is, to add root cert to trusted root certs store), you need admin (in case
of Vista - elevated) privileges otherwise makecert command will partially
fail, meaning you'll get root.pvk and root.cer files but certificate will
not be added to the store with "access denied" error:

Error: Save encoded certificate to store failed => 0x5 (5)

Moreover, on Vista, if you execute second makecert command in the same
elevated command window as first one, you'd be adding code signing
certificate for your administrative account which may be different from your
normal day-to-day account (unless you are always running as member of
Administrators group). This is less of an issue but still can lead to
confusion at the actual script signing phase.


--
Alexander Suhovey




june replied on 03-Feb-07 10:28 AM
Bug noted. I'll investigate and update. Thanks for letting me know.


--
June Blender [MSFT]
Windows PowerShell Documentation
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.