question

GerritDeike-2964 avatar image
0 Votes"
GerritDeike-2964 asked LeilaKong-MSFT answered

What happens to a PowerShell Script when it is signed and the certificate is revoked/expires?

Hi!

Within our company we are discussing to have new PowerShell scripts digitally signed. But now a question has poped up that I can't answer:

What happens to a PowerShell Script when it is signed and the certificate is revoked/expires?

The fear is that, since we have several scripts we use for automation, that these would stop working if the scripts were signed and the certificate with which they were signed were to be revoked or would expire. Can anyone tell me if this fear is founded? Better yet, what does happen in this scenario?

Thanks in advance.

Best Regards,

Gerrit Deike

windows-server
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Are you planning to deploy scripts in every single clients or they will be remains in the server and they will just being called from the server?

0 Votes 0 ·

The Scripts will be deployed to a server farm and replicated to each server within the farm.

0 Votes 0 ·

1 Answer

LeilaKong-MSFT avatar image
0 Votes"
LeilaKong-MSFT answered

Hello @GerritDeike-2964 ,

Thanks for your query.

If you timestamp your code while the certificate is valid the effect is that your expired certificates are good.
Code Signing Certificates are valid for 1 or 2 years depending on which life cycle you choose when you purchase the certificate. Please note: For Microsoft® Authenticode® (Multi-Purpose), you should also timestamp your signed code to avoid your code expiring when your certificate expires.
Microsoft® Authenticode® (Multi-Purpose) allows you to timestamp your signed code. Timestamping ensures that code will not expire when the certificate expires because the browser validates the timestamp.

What happens when a code signing certificate expires?: https://stackoverflow.com/questions/329396/what-happens-when-a-code-signing-certificate-expires


Best regards,
Leila


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.