Custom Process + PowerShell Cert signing

You may need to sign the PowerShell scripts you use for your deviceTRUST Custom Processes. The file format can be a challenge with script signing. Read here how to format signed PowerShell scripts properly.

Script signing signs the given script with all details, including content, name, file properties, and format. An unnoticed change in the file format can throw a spanner in the works.

We use a PowerShell script here to guide you through the signing process.

The situation

Your PowerShell Execution Policy might be set to "Signed Scripts only". With this setting, any PowerShell script that has not been signed with a trusted code signing certificate is denied execution.


The issue

Enforced code signing affects PowerShell-based Custom Processes in deviceTRUST Actions. Unsigned scripts will be triggered, but not executed.

This is valid for embedded scripts as well as for externally triggered scripts.

The second issue

Now, even if you signed the script with your certificate, you might see the same issue: the script is blocked from execution. The signature is not accepted.

The solution

If you open the script in your favourite text editor before signing, you will notice that the file format is (for example, and most likely) "UTF-8".

Set the file format to "UTF-8 with BOM" and save. Then sign again.

This will result in a successfully executed script.

Everything shown here is valid for PowerShell scripts, be they embedded or referenced as a file.
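
The solution steps above (set the format to "UTF-8 with BOM", then sign again) can also be scripted. The following is an added example, not code from deviceTRUST or from the original article; the script path and the use of the `Cert:\CurrentUser\My` store are assumptions, and the file is assumed to be UTF-8 text.

```powershell
# Added example: re-encode a script as "UTF-8 with BOM", sign it, verify the result.
# Assumptions: $ScriptPath is a hypothetical path; the code signing certificate
# is in the current user's personal store and is trusted on the target machine.
param(
    [string]$ScriptPath = 'C:\Scripts\CustomProcess.ps1'
)

$bytes = [System.IO.File]::ReadAllBytes($ScriptPath)

# The UTF-8 BOM is the byte sequence EF BB BF at the start of the file.
$hasUtf8Bom = $bytes.Length -ge 3 -and
              $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF

# FF FE / FE FF mark UTF-16; such a file must not be decoded as UTF-8.
$hasUtf16Bom = $bytes.Length -ge 2 -and (
               ($bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) -or
               ($bytes[0] -eq 0xFE -and $bytes[1] -eq 0xFF))

if ($hasUtf16Bom) {
    throw "$ScriptPath is UTF-16 encoded; convert it in an editor first."
}

if (-not $hasUtf8Bom) {
    # Decode strictly so a non-UTF-8 file (e.g. ANSI) fails instead of being corrupted.
    $strict  = New-Object System.Text.UTF8Encoding($false, $true)
    $text    = $strict.GetString($bytes)
    $withBom = New-Object System.Text.UTF8Encoding($true)
    [System.IO.File]::WriteAllText($ScriptPath, $text, $withBom)
    Write-Output "Re-encoded $ScriptPath as UTF-8 with BOM."
}

# Pick the unexpired code signing certificate with the latest expiry date.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
if (-not $cert) { throw 'No unexpired code signing certificate in Cert:\CurrentUser\My.' }

# Sign after the encoding change: any later edit or re-save invalidates the signature.
Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert -HashAlgorithm SHA256 | Out-Null

# Confirm the signature is accepted before deploying the script.
$result = Get-AuthenticodeSignature -FilePath $ScriptPath
if ($result.Status -ne 'Valid') {
    throw "Signature not accepted: $($result.Status) - $($result.StatusMessage)"
}
Write-Output "Signed by $($result.SignerCertificate.Subject); status $($result.Status)."
```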