Codesign – How do I determine the name of the digital certificate to be used to sign the script.

How do I determine the name of the digital certificate to be used to sign the script.

Question:
I have a *large* number of scripts and exe’s that need to be signed. The following scripts from the Microsoft TechNet web site, that signs all scripts in a given folder. The script requires use the SignFile method, specifying both the file name of the script to be signed and the name of the digital certificate to be used to sign the script

Microsoft Scripting Guide

WSH 5.6 includes the Scripting.Signer object that allows you to digitally sign a script using another script. To do this you need to:

Create an instance of the Scripting.Signer object.

Use the SignFile method, specifying both the file name of the script to be signed and the name of the digital certificate to be used to sign the script.

For example, this script uses the IT Department certificate to sign the script

C:\Scripts\CreateUsers.vbs.

set objSigner = WScript.CreateObject(“Scripting.Signer”) objSigner.SignFile “C:\Scripts\CreateUsers.vbs”, “IT Department”

You can also digitally sign a number of scripts at the same time. This script loops through and signs all the files found in the C:\Scripts folder. (The assumption is that the only scripts are stored in C:\Scripts.)

set objSigner = WScript.CreateObject(“Scripting.Signer”)

Set objFSO = CreateObject(“Scripting.FileSystemObject”)

Set objFolder = objFSO.GetFolder(“c:\scripts”)

Set colListOfFiles = objFolder.Files

For each objFile in colListOfFiles

objSigner.SignFile objFile.Name, “IT Department”

The next step is to modify the the Code Sign cert friendly name.

There is no friendly name when I look at the certificate. How can this be changed?

Friendly name within the MMC snap in window.

Click the Start Button then select Run and type mmc Click File and select Add/Remove Snap in Select Add, select Certificates from the Add Standalone Snap-in box and click Add Select Computer Account and click Finish (note: This step is very important. It must be the computer account and not the current user account) Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in Return to the MMC To modify the friendly name go to the Personal, certificates Select the code sign cert and right click Properties

You should now see the friendly name field which can be modified to suit your needs.

Comments are closed.