I'm having some trouble loading a PowerShell module I've developed. I'm working on a domain where I've installed the CA tool and properly signed both the .psm1 and .psd1 files. However, when attempting to load the module on various domain endpoints—including the Domain Controller where the signing occurred—I keep getting a pop-up that says:
"Do you want to run software from this untrusted publisher?"
The message indicates that the module is published by my account, showing my domain details, but it isn't recognized as trusted on my system. I'm aware that I need to ensure I'm only running scripts from trusted publishers—but I'm puzzled about what might be wrong. I've checked the signature with Get-AuthenticodeSignature, and it says everything is valid. Am I overlooking something in the process of signing the files and deploying them across the enterprise? I'm using PDQDeploy for copying files to the right locations and handling the import-module task, and my execution policy is set to RemoteSigned.
2 Answers
Have you considered the possibility of missing an intermediate certificate? Sometimes the signing process doesn't include every certificate required for verification. You might want to try signing with the `-IncludeChain all` option to ensure all necessary certificates are part of the signature block.
It sounds like you're dealing with a couple of checks when it comes to signed modules. First off, there's the authenticode check, which is just verifying that the signature is valid and signed by a trusted CA. Then, there's the check to see if the certificate is in your Trusted Publishers store. That's usually when you see the prompt you mentioned.
To avoid that prompt, you'll need to manually import the certificate into the Trusted Publishers store. You can do this by running a script like:
$cert = (Get-AuthenticodeSignature -FilePath ...).SignerCertificate
$store = Get-Item Cert:CurrentUserTrustedPublisher
$store.Open('ReadWrite')
$store.Add($cert)
$store.Dispose()
After that, you shouldn't see the untrusted publisher warning again if everything goes smoothly.
Related Questions
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically
[Centos] Delete All Files And Folders That Contain a String