Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Troubles with creating a private key to sign a PowerShell Script with makecert

  • Please log in to reply
1 reply to this topic

#1 olspookishmagus


  • Members
  • 2 posts
  • Gender:Male
  • Location:Multiverse
  • Local time:08:25 AM

Posted 04 October 2017 - 08:59 AM


I'm struggling to create a private key in order then to use to sign a PowerShell Script and I would really use some help on this.

Firstly I wanted to be able to run PowerShell scripts without having to lower PowerShell's Execution-Policy and in order to do that one should have to be able to sign scripts.

Therefore and after installing the Windows SDK I'm trying to create a private key (and then a certificate) in order to be able to sign scripts.

But this fails likewise:
C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin>makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku -r -sv root.pvk root.cer -ss Root -sr localMachine
Error: Can't create the key of the subject ('root.pvk')
And so I've begun trying to debug this, with no success.

So far I've checked with these:
  • I checked with makecert's documentation to check whether the command parameters are correct
  • executed the command from within a non-special directory
  • executed the command as the local Administrator user
  • executed the command from an "elevated" Command Prompt or an "elevated" PowerShell
  • made sure the security permissions for _ALL_ the Crypto/RSA directories are set as indicated
If you have any ideas or you would like to share your insights or have me walk again over again something I've already tried/mentioned please feel free to comment.

Thanks in advance.

Edited by hamluis, 04 October 2017 - 10:14 AM.
Moved from XP to Programming - Hamluis.

BC AdBot (Login to Remove)


#2 olspookishmagus

  • Topic Starter

  • Members
  • 2 posts
  • Gender:Male
  • Location:Multiverse
  • Local time:08:25 AM

Posted 11 October 2017 - 08:19 AM

OK, this has been resolved following some guidance receive in another community I cross-posted this to and now the least I can do for it is to update this thread with the solution along with my apologies.

As it seems, the makecert I was trying to execute that command was not the correct one. The correct one comes bundled with the Windows SDK I've already linked and it has version: 6.1.7600.16385 and SHA1SUM: 7fd7f36b5acbe69de6c966b397341fd1ddbb04a1.

With that particular makecert the above command with those options (and even more advanced ones) are being carried out flawlessly.


Edited by olspookishmagus, 11 October 2017 - 08:20 AM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users