Renewing Powershell Self Signed Certificate from CA

Question

Hi Everyone,

We're going to change ours Self Signed Powershell certificates, we have an AD Certificate Services in our domain, we've created custom Self Signed Powershell certificates for code signing, then we've distribute the certificates via GPO. These kind of certificates we use for signing Script, and that we distribute on clients, have 2 years of validity, while the Custom template on CA has 10 years of validity.

As the script that we run daily are signed with a certificate which is going to expire, what happens when we will reissue a new certificate from CA and then distribute the new one, must we re-sign all the scripts? Or can we just keep using the expired one?

Thanks for asking

Answer 1

Hello Massimiliano Gasbarro,

Thank you for posting in Q&A forum.

Once a certificate expires, it is no longer considered valid for signing or authentication purposes. This means that any scripts signed with the expired certificate will not be trusted by the system.

To ensure that your scripts continue to be trusted and run without issues, you will need to re-sign them with the new certificate. This involves using the new certificate to sign each script again.

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

Best Regards,

Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.