jakub-g · September 23, 2017 23:06 · Sep 19, 2014 · Sep 19, 2014 · Sep 19, 2014 · Sep 19, 2014
diff --git a/FirstSteps_With_The_Signature.ps1 b/FirstSteps_With_The_Signature.ps1
@@ -1,3 +1,5 @@
 get-help Set-AuthenticodeSignature -detailed
+get-help Set-ExecutionPolicy -detailed
+Set-ExecutionPolicy remotesigned
 $cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
 Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer
diff --git a/FirstSteps_With_The_Signature.ps1 b/FirstSteps_With_The_Signature.ps1
@@ -1,2 +1,3 @@
+get-help Set-AuthenticodeSignature -detailed
 $cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
 Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer
diff --git a/FirstSteps_With_The_Signature.ps1 b/FirstSteps_With_The_Signature.ps1
@@ -0,0 +1,2 @@
+$cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
+Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer
diff --git a/makeauthority.sh b/makeauthority.sh
@@ -1,6 +1,6 @@
 # Run this once
 
-# Borrowed from 
+# Borrowed from http://bit.do/SwCv
 
 openssl genrsa -des3 -out ca.key 4096
 openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -x509 -days 365 -out ca.crt -key ca.key
diff --git a/makecert.sh b/makecert.sh
@@ -1,6 +1,6 @@
 # Run this for each code developer account.  The system must install the CA cert and the resulting p12 file in order to be happy.
 
-# Borrowed from 
+# Borrowed from http://bit.do/SwCv
 
 openssl genrsa -des3 -out codesign.key 4096
 openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -out codesign.csr -key codesign.key -reqexts v3_req

diff --git a/C:\Program Files (x86)\Git\ssl\openssl.cnf b/C:\Program Files (x86)\Git\ssl\openssl.cnf
@@ -0,0 +1,18 @@
+# -------------- In my case it was this location, change accordingly -----------
+#                I only show here the part of that file I changed
+## [ v3_req ]
+##
+### Extensions to add to a certificate request
+##
+##basicConstraints = CA:FALSE
+##keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+subjectKeyIdentifier=hash
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature
+extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
+nsCertType = client, email, objsign
diff --git a/makeauthority.sh b/makeauthority.sh
@@ -1,3 +1,6 @@
 # Run this once
+
+# Borrowed from 
+
 openssl genrsa -des3 -out ca.key 4096
-openssl req -new -x509 -days 365 -key ca.key -out ca.crt
+openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -x509 -days 365 -out ca.crt -key ca.key
diff --git a/makecert.sh b/makecert.sh
@@ -1,8 +1,8 @@
-# Run this for each email account.  The system must install the CA cert and the resulting p12 file in order to be happy.
+# Run this for each code developer account.  The system must install the CA cert and the resulting p12 file in order to be happy.
 
-# Borrowed from http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption
+# Borrowed from 
 
-openssl genrsa -des3 -out smime.key 4096
-openssl req -new -key smime.key -out smime.csr
-openssl x509 -req -days 365 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
-openssl pkcs12 -export -in smime.crt -inkey smime.key -out smime.p12
+openssl genrsa -des3 -out codesign.key 4096
+openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -out codesign.csr -key codesign.key -reqexts v3_req
+openssl x509 -req -days 365 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile ~/v3.cfg -set_serial 01 -out codesign.crt
+openssl pkcs12 -export -in codesign.crt -inkey codesign.key -out codesign.pfx
diff --git a/~\v3.cfg b/~\v3.cfg
@@ -0,0 +1,5 @@
+basicConstraints = CA:FALSE
+subjectKeyIdentifier=hash
+keyUsage = digitalSignature
+extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
+nsCertType = client, email, objsign
diff --git a/makecert.sh b/makecert.sh
@@ -1,8 +1,7 @@
-# Run this for each email account
+# Run this for each email account.  The system must install the CA cert and the resulting p12 file in order to be happy.
 
 # Borrowed from http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption
 
-
 openssl genrsa -des3 -out smime.key 4096
 openssl req -new -key smime.key -out smime.csr
 openssl x509 -req -days 365 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout

diff --git a/makeauthority.sh b/makeauthority.sh
@@ -1,3 +1,3 @@
-# Run this one
+# Run this once
 openssl genrsa -des3 -out ca.key 4096
 openssl req -new -x509 -days 365 -key ca.key -out ca.crt
diff --git a/makeauthority.sh b/makeauthority.sh
@@ -0,0 +1,3 @@
+# Run this one
+openssl genrsa -des3 -out ca.key 4096
+openssl req -new -x509 -days 365 -key ca.key -out ca.crt
diff --git a/makecert.sh b/makecert.sh
@@ -0,0 +1,9 @@
+# Run this for each email account
+
+# Borrowed from http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption
+
+
+openssl genrsa -des3 -out smime.key 4096
+openssl req -new -key smime.key -out smime.csr
+openssl x509 -req -days 365 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
+openssl pkcs12 -export -in smime.crt -inkey smime.key -out smime.p12
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		$cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
		Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer