API Reference
Register-Certificate
Signs files in a path using a code-signing certificate (Windows and PowerShell Core supported).
Remarks
Signs PowerShell scripts/manifests (and optionally binaries) using Authenticode. When running in CI, prefer using a certificate from the Windows certificate store and referencing it by thumbprint.
Examples
Sign a module using a certificate from the current user store
PS> Register-Certificate -Path 'C:\Git\MyModule\Module' -LocalStore CurrentUser -Thumbprint '0123456789ABCDEF' -WhatIf
Previews which files would be signed.
Sign using a PFX file
PS> Register-Certificate -CertificatePFX 'C:\Secrets\codesign.pfx' -Path 'C:\Git\MyModule\Module' -Include '*.ps1','*.psm1','*.psd1'
Uses a PFX directly (useful for local testing; store-based is recommended for CI).
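Store-based signing in CI with checks before and after (an added example, not part of the module's own documentation). It assumes the certificate sits in the Personal ("My") store and that signing recurses below -Path; the path and thumbprint are the placeholders used above, and Get-AuthenticodeSignature requires Windows.

```powershell
# Added example, not part of the module's documentation.
# Placeholder values: replace the path and thumbprint with your own.
$ErrorActionPreference = 'Stop'
$modulePath = 'C:\Git\MyModule\Module'
$thumbprint = '0123456789ABCDEF'
$include    = '*.ps1', '*.psm1', '*.psd1'

# 1. Pre-flight. -CodeSigningCert is a dynamic parameter of the certificate
#    provider that returns only certificates valid for code signing.
#    Assumption: Register-Certificate searches the Personal ("My") store.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) {
    throw "No code-signing certificate with thumbprint $thumbprint in CurrentUser\My."
}
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key on this machine; it cannot sign.'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 2. Sign, using only parameters documented on this page.
Register-Certificate -Path $modulePath -LocalStore CurrentUser -Thumbprint $thumbprint `
    -Include $include -HashAlgorithm SHA256

# 3. Verify every matching file. Assumption: signing recursed below -Path.
#    A file fails if its status is not Valid, if it was signed by a different
#    certificate, or if it has no timestamp countersignature (without one the
#    signature stops validating once the signing certificate expires).
$failures = @(
    Get-ChildItem -Path $modulePath -Recurse -File -Include $include |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Where-Object {
            ($_.Status -ne 'Valid') -or
            ($_.SignerCertificate.Thumbprint -ne $thumbprint) -or
            (-not $_.TimeStamperCertificate)
        }
)
if ($failures.Count -gt 0) {
    $failures | Format-Table Path, Status, StatusMessage -AutoSize | Out-String | Write-Host
    throw "$($failures.Count) file(s) failed signature verification."
}
Write-Host 'All matching files carry a valid, timestamped signature from the expected certificate.'
```

A status of Valid requires the signer's chain to be trusted on the verifying host, so a self-signed test certificate that is not in the trusted stores reports a different status and fails step 3.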
Common Parameters
This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
For more information, see about_CommonParameters.
Syntax
Register-Certificate [-ExcludePath <String[]>] [-HashAlgorithm <SHA1|SHA256|SHA384|SHA512>] [-Include <String[]>] [-IncludeChain <All|NotRoot|Signer>] -LocalStore <CurrentUser|LocalMachine> -Path <String> [-Thumbprint <String>] [-TimeStampServer <String>] [<CommonParameters>]
StoreParameters
- ExcludePath String[]
  - One or more path substrings to exclude from signing.
- HashAlgorithm CertificateHashAlgorithm
  - Hash algorithm used for the signature. Default: SHA256.
  - Possible values: SHA1, SHA256, SHA384, SHA512
- Include String[]
  - File patterns to include during signing. Default: scripts only.
- IncludeChain CertificateChainInclude
  - Which portion of the chain to include in the signature. Default: All.
  - Possible values: All, NotRoot, Signer
- LocalStore CertificateStoreLocation
  - Certificate store to search when using a certificate from the store.
  - Possible values: CurrentUser, LocalMachine
- Path String
  - Root directory containing files to sign.
- Thumbprint String
  - Certificate thumbprint to select a single certificate from the chosen store.
- TimeStampServer String
  - RFC 3161 timestamp server URL. Default: http://timestamp.digicert.com.
Outputs
System.Object
Register-Certificate -CertificatePFX <String> [-ExcludePath <String[]>] [-HashAlgorithm <SHA1|SHA256|SHA384|SHA512>] [-Include <String[]>] [-IncludeChain <All|NotRoot|Signer>] -Path <String> [-TimeStampServer <String>] [<CommonParameters>]
PFXParameters
- CertificatePFX String
  - A PFX file to use for signing (mutually exclusive with -LocalStore/-Thumbprint).
- ExcludePath String[]
  - One or more path substrings to exclude from signing.
- HashAlgorithm CertificateHashAlgorithm
  - Hash algorithm used for the signature. Default: SHA256.
  - Possible values: SHA1, SHA256, SHA384, SHA512
- Include String[]
  - File patterns to include during signing. Default: scripts only.
- IncludeChain CertificateChainInclude
  - Which portion of the chain to include in the signature. Default: All.
  - Possible values: All, NotRoot, Signer
- Path String
  - Root directory containing files to sign.
- TimeStampServer String
  - RFC 3161 timestamp server URL. Default: http://timestamp.digicert.com.
Outputs
System.Object