Certificate error?

Aug 21, 2009 at 4:16 PM

Downloaded Powerboots, and when I run import-module I get:

Import-Module : File C:\Documents and Settings\Me\My Documents\WindowsPowerShell\Modules\PowerBoots\PowerBoots.psm1
cannot be loaded. An internal certificate chaining error has occurred.
At line:1 char:14
+ import-module <<<<  ..\PowerBoots
    + CategoryInfo          : NotSpecified: (:) [Import-Module], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException,Microsoft.PowerShell.Commands.ImportModuleCommand

Get-AuthenticodeSignature .\PowerBoots.psm1 | fl *

SignerCertificate      : [Subject]
                           E=Jaykul@HuddledMasses.org, CN=Joel Bennett, OU=Scripting, O=http://HuddledMasses.org, L=Roc
                         hester, S=New York, C=US

                         [Issuer]
                           E=Jaykul@HuddledMasses.org, CN=http://HuddledMasses.org Certificate Authority, OU=Scripting
                         Certificate Authority, O=http://HuddledMasses.org, L=Rochester, S=New York, C=US

                         [Serial Number]
                           00B3E9A838FDC29EF1

                         [Not Before]
                           3/15/2009 3:19:19 PM

                         [Not After]
                           3/15/2010 3:19:19 PM

                         [Thumbprint]
                           7DEFA3C6C2138C05AAA135FB8096332DEB9603E1

TimeStamperCertificate :
Status                 : UnknownError
StatusMessage          : An internal certificate chaining error has occurred
Path                   : C:\Documents and Settings\Me\My Documents\WindowsPowerShell\Modules\PowerBoots\PowerBoots.p
                         sm1

 

From this I take it that my computer sees no way to trust:

E=Jaykul@HuddledMasses.org, CN=http://HuddledMasses.org Certificate Authority, OU=Scripting
                         Certificate Authority, O=http://HuddledMasses.org, L=Rochester, S=New York, C=US

How can I add the HuddledMasses.org CA?

Coordinator
Aug 22, 2009 at 2:26 AM

What’s your ExecutionPolicy set to? I’m just curious, because I didn’t realize there was a problem with unknown roots.

Anyway, I don’t know what to do here. Obviously the best thing would be for me to invest in a certificate to sign these with, but since I’ve yet to make any money doing this stuff, I’m not inclined to spend hundreds a year on it J  so failing that, the best thing to do is for you to just re-sign it with your own certificate, or remove the signature completely.

… you almost certainly shouldn’t try to trust my CA, because it’s just a CA cert I created myself using OpenSSL –after much debate, the consensus we (the PowerShell scripting community) have arrived at is that trusting a root CA which is just a certificate on some guy’s hard drive is a very bad idea, even if you trust him.

--

Joel “Jaykul” Bennett

http://HuddledMasses.org

From this I take it that my computer sees no way to trust:

E=Jaykul@HuddledMasses.org, CN=http://HuddledMasses.org Certificate Authority, OU=Scripting
Certificate Authority, O=http://HuddledMasses.org, L=Rochester, S=New York, C=US

How can I add the HuddledMasses.org CA?

Aug 22, 2009 at 2:56 AM

I have been running with RemoteSigned as that seemed the safest thing without buying a code signing cert.  Just built an internal cert server so I can resign with mine.

No, certainly I do not want you spending money on this.  Your time alone is more than enough and very much appreciated.  If I could hire you I would.  Your contributions to the Powershell community have been amazing.

Based on your reply I will remove your signatures and either run without or sign with my internal cert.

Thank you for replying.

___________________________________

Michael Koehler

Chief Technology Officer
Simpson Thacher & Bartlett LLP
425 Lexington Avenue
New York, New York 10017

Tel: (212) 455-3253
Fax: (212) 455-2502
mkoehler@stblaw.com


Celebrating 125 Years 1884 – 2009
___________________________________

From: Jaykul [mailto:notifications@codeplex.com]
Sent: Friday, August 21, 2009 10:26 PM
To: Koehler, Michael W
Subject: Re: Certificate error? [PowerBoots:66618]

From: Jaykul

What’s your ExecutionPolicy set to? I’m just curious, because I didn’t realize there was a problem with unknown roots.

Anyway, I don’t know what to do here. Obviously the best thing would be for me to invest in a certificate to sign these with, but since I’ve yet to make any money doing this stuff, I’m not inclined to spend hundreds a year on it J so failing that, the best thing to do is for you to just re-sign it with your own certificate, or remove the signature completely.

… you almost certainly shouldn’t try to trust my CA, because it’s just a CA cert I created myself using OpenSSL –after much debate, the consensus we (the PowerShell scripting community) have arrived at is that trusting a root CA which is just a certificate on some guy’s hard drive is a very bad idea, even if you trust him.

--

Joel “Jaykul” Bennett

http://HuddledMasses.org

From this I take it that my computer sees no way to trust:

E=Jaykul@HuddledMasses.org, CN=http://HuddledMasses.org Certificate Authority, OU=Scripting
Certificate Authority, O=http://HuddledMasses.org, L=Rochester, S=New York, C=US

How can I add the HuddledMasses.org CA?

Read the full discussion online.

To add a post to this discussion, reply to this email (PowerBoots@discussions.codeplex.com)

To start a new discussion for this project, email PowerBoots@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com