PowerShell Script Signing

Support for all customers who have purchased a PrimalScript product license. This forum does not offer a response time guarantee.
Forum rules
DO NOT POST SUBSCRIPTION NUMBERS, LICENSE KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
Alexander Riedel
Posts: 6836
Joined: Tue May 29, 2007 4:43 pm

PowerShell Script Signing

Post by Alexander Riedel » Mon Jan 19, 2009 12:26 pm

No, actually it is a regular system component AFAIK.

http://www.microsoft.com/downloads/deta ... laylang=en

Please download this and install. That should do the trick.
Alex
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
ryanba
Posts: 28
Joined: Fri Dec 05, 2008 8:19 am

PowerShell Script Signing

Post by ryanba » Mon Jan 19, 2009 1:07 pm

I installed it but I still get the window that says Signing script with generic driver. I did however noticed that when the link you gave me installed and registered the capicom.dll it put in C:Program FilesMicrosoft CAPICOM 2.1.0.2 SDKLibX86. It shouldn't matter were the dll is, right, because it should of registered it?

-Ryan

User avatar
Alexander Riedel
Posts: 6836
Joined: Tue May 29, 2007 4:43 pm

PowerShell Script Signing

Post by Alexander Riedel » Mon Jan 19, 2009 4:13 pm

Doesn't matter where it is for now. Does it sign scripts now, that is the all important question. If yes, copy the old exe back and see if it still does.
If not, make sure to run regsvr32 against that dll and try again.
I'll attempt to figure out what the actual story with that dll is in the meantime.

Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
ryanba
Posts: 28
Joined: Fri Dec 05, 2008 8:19 am

PowerShell Script Signing

Post by ryanba » Wed Jan 21, 2009 2:11 am

I copied the capicom.dll to %windir%system32 and then used regsvr32 to register. I am now able to sign scripts using a PFX certificate, with and without a password.
Could you please make it known that in order to use the PFX certificate you need to have CAPICOM.dll registered just so someone doesn't run into the same problem I have and takes 2 months to resolve? (ie blog post about using PFX cerificates to sign powershell scripts http://www.sapien.com/blog/2008/07/02/s ... l-scripts/)

PrimalScript must COM out to use CAPICOM to get the certificate in order to sign it. I Googled CAPICOM and it looks like that Microsoft is stopping supporting CAPICOM.dll for .NET 3.5 and Windows 7 so I just thought I let you know about that. http://www.ditii.com/2009/01/20/capicom ... dev-tools/

Thank you for all your help and quick response in resolving this issue I greatly appreciate it and will help us out at our company in deploying PowerShell company wide.

-Ryanryanba2009-01-21 09:12:34

User avatar
Alexander Riedel
Posts: 6836
Joined: Tue May 29, 2007 4:43 pm

PowerShell Script Signing

Post by Alexander Riedel » Wed Jan 21, 2009 2:22 am

Yeah, thanks for the input. It is puzzling. CAPICOM used to be part of the core OS, apparently that quietly changed at some point.
We will package CAPICOM.dll with PrimalScript 2009 and add it to the next service build of 2007 as well.

As for the replacement functions Microsoft says to use (SignerSignEx)http://msdn.microsoft.com/en-us/library ... S.85).aspx
very little documentation exists.

Alex
Alexander Riedel
SAPIEN Technologies, Inc.