Introduction

SOS digitally signs PowerShell scripts that are offered for download:

  • Users can verify a script's signature to prove
    • that the script in fact was created and signed by SOS,
    • that the script's signature is valid.
  • Use the built-in Get-AuthenticodeSignature PowerShell cmdlet to verify the signature of a given PowerShell script, for example New-JS7WorkflowFromExcel.ps1 available for download from the JS7 - How to import jobs and workflows from Excel article.


Get-AuthenticodeSignature C:\download\New-JS7WorkflowFromExcel.ps1 | Format-List


SignerCertificate      : [Subject]
                           CN=SOS Software- und Organisations-Service GmbH, O=SOS Software- und Organisations-Service GmbH, S=Berlin, C=DE

                         [Issuer]
                           CN=Sectigo Public Code Signing CA E36, O=Sectigo Limited, C=GB

                         [Serial Number]
                           00FA9F599A72D9EDB2676FC330EC91E996

                         [Not Before]
                           10.05.2023 02:00:00

                         [Not After]
                           12.06.2026 01:59:59

                         [Thumbprint]
                           EF64BFA6BC3EF6585F64E3DEC1CD67334DDBDF3F

TimeStamperCertificate : [Subject]
                           CN="Sectigo RSA Time Stamping Signer #4", O=Sectigo Limited, S=Manchester, C=GB

                         [Issuer]
                           CN=Sectigo RSA Time Stamping CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB

                         [Serial Number]
                           394C25E17CA06D27A865E23BD91D22D4

                         [Not Before]
                           03.05.2023 02:00:00

                         [Not After]
                           03.08.2034 01:59:59

                         [Thumbprint]
                           AE62AF750A0CBD47D6461F7568E2BC8CE7CA4F94

Status                 : Valid
StatusMessage          : Signature verified.
Path                   : C:\download\New-JS7WorkflowFromExcel.ps1
SignatureType          : Authenticode
IsOSBinary             : False


Explanation:

  • The above output tells you that the signature is valid and has been verified.
  • The SignerCertificate with the [Subject] provides the distinguished name of the SOS code signing certificate. The [Issuer] indicates the certificate authority that issued the code signing certificate. The [Not Before] and [Not After] values indicate the validity period of the code signing certificate.
  • The TimeStamperCertificate proves that the PowerShell script was signed using a time stamp server with a valid certificate at the point in time of signing.
  • Should the PowerShell script be downloaded after expiration of the code signing certificate, i.e. after 2026-06-12, then the signature is no longer valid. However, the time stamp server's response tells you that the certificate was valid at the point in time of signing. If the signature is expired but still matches the unchanged PowerShell script then there is no harm in trusting such scripts.
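
The checks from the explanation above can be scripted so that a download is accepted only if it was signed by the certificate shown in the sample output, rather than by any publisher the machine happens to trust. This is an added example, not code from SOS; the function name Test-SosScriptSignature and its parameters are hypothetical, and the default thumbprint and subject are copied from the output on this page.

```powershell
# Added example (not SOS code): pin the signer identity instead of relying on Status alone.
# Test-SosScriptSignature and its parameter names are hypothetical.
function Test-SosScriptSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Defaults copied from the SignerCertificate output on this page.
        # The thumbprint changes when the certificate is renewed, so pass the new value then.
        [string] $ExpectedThumbprint = 'EF64BFA6BC3EF6585F64E3DEC1CD67334DDBDF3F',
        [string] $ExpectedSubjectCN  = 'CN=SOS Software- und Organisations-Service GmbH'
    )

    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $problems = [System.Collections.Generic.List[string]]::new()

    # 1. The signature must match the file content and chain to a trusted root.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        $problems.Add("Status is '$($sig.Status)': $($sig.StatusMessage)")
    }

    # 2. The signer must be the expected certificate, not just any valid code signing certificate.
    $signer = $sig.SignerCertificate
    if ($null -eq $signer) {
        $problems.Add('No signer certificate found (the script is unsigned).')
    } else {
        if ($signer.Thumbprint -ne $ExpectedThumbprint) {
            $problems.Add("Unexpected signer thumbprint: $($signer.Thumbprint)")
        }
        if (-not $signer.Subject.StartsWith("$ExpectedSubjectCN,")) {
            $problems.Add("Unexpected signer subject: $($signer.Subject)")
        }
    }

    # 3. A time stamp is what documents that the certificate was valid when the script was signed.
    if ($null -eq $sig.TimeStamperCertificate) {
        $problems.Add('No time stamp certificate present.')
    }

    [pscustomobject]@{
        Path     = $sig.Path
        Trusted  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Usage with the script from this page: stop before running anything that fails a check.
$result = Test-SosScriptSignature -Path 'C:\download\New-JS7WorkflowFromExcel.ps1'
$result | Format-List
if (-not $result.Trusted) { throw "Signature check failed for $($result.Path)" }
```

Any edit to the script after signing changes the Status away from Valid, so the first check also covers modification in transit or on disk.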

The certificate chain is available from the following certificates:


