What happens to a PowerShell Script when it is signed and the certificate is revoked/expires?

Question

Hi!

Within our company we are discussing to have new PowerShell scripts digitally signed. But now a question has poped up that I can't answer:

What happens to a PowerShell Script when it is signed and the certificate is revoked/expires?

The fear is that, since we have several scripts we use for automation, that these would stop working if the scripts were signed and the certificate with which they were signed were to be revoked or would expire. Can anyone tell me if this fear is founded? Better yet, what does happen in this scenario?

Thanks in advance.

Best Regards,

Gerrit Deike

Answer 1

Hello @Gerrit Deike ,

Thanks for your query.

If you timestamp your code while the certificate is valid the effect is that your expired certificates are good.
Code Signing Certificates are valid for 1 or 2 years depending on which life cycle you choose when you purchase the certificate. Please note: For Microsoft® Authenticode® (Multi-Purpose), you should also timestamp your signed code to avoid your code expiring when your certificate expires.
Microsoft® Authenticode® (Multi-Purpose) allows you to timestamp your signed code. Timestamping ensures that code will not expire when the certificate expires because the browser validates the timestamp.

What happens when a code signing certificate expires?: https://stackoverflow.com/questions/329396/what-happens-when-a-code-signing-certificate-expires

Best regards,
Leila

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.