System scripts

DigiCert provides and manages a few post-processing scripts, referred to as system scripts. The system post-processing scripts are signed, so you can verify their authenticity and integrity to safeguard against unauthorized or malicious changes.

In DigiCert® Trust Lifecycle Manager (TLM), you can view all the system scripts on the Discovery and automation tools > Scripts > System scripts page, where they are available to view, download, or use for reference. System scripts managed by DigiCert cannot be edited.

Warning

If using a third-party platform for device management, make sure the PowerShell execution policy on client computers is set to RemoteSigned to ensure proper operation of the Windows system post-scripts. Check the Microsoft PowerShell documentation for more details about execution policies.

DigiCert-managed system post-scripts

| Script name | Script description | Supported certificate templates |
|---|---|---|
| Outlook.ps1* | Configure Outlook's security profile to use the certificate for signing and encrypting. | Private S/MIME Secure Email; Public S/MIME Secure Email (via PKI Platform 8); Public S/MIME Secure Email (via CertCentral) |
| ADPublisher.ps1* | Publish the certificate to an Active Directory. | Private S/MIME Secure Email; Public S/MIME Secure Email (via PKI Platform 8); Public S/MIME Secure Email (via CertCentral) |
| Adobe.ps1 | This script configures Adobe Acrobat Reader to use the Adobe individual certificate for document signing. | Adobe Individual in Organization (via CertCentral) |

*Script supports Windows platform.

Note

Certificates are published to Active Directory via LDAP over a non-TLS connection on port 389. LDAP over SSL (LDAPS) is currently not supported.

Verify system script signature

After you download a PowerShell (.ps1) system script from DigiCert® Trust Lifecycle Manager (TLM), you can verify its signature manually by running the following PowerShell command:

PS> Get-AuthenticodeSignature -FilePath <path-to-script-file>

For example, a valid signature on Outlook.ps1 looks like:

PS> Get-AuthenticodeSignature -FilePath .\Outlook.ps1


SignerCertificate                          Status                        Path                                   
-----------------------------------------------------------------------------                   
D05A55D54AAA0653D148B231141AC268C416E1D4   Valid                    Outlook.ps1

Note

The signature verification step is optional and can be skipped.
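A Valid status only shows that the file is unmodified and that its signer chains to a root trusted on the local machine; it does not show which certificate signed it. The following added example (not DigiCert's code) also pins the signer thumbprint. The function name Test-SystemScriptSignature is hypothetical, and the thumbprint in the usage comment is the one from the sample output above, which you should confirm against the code signing certificate you downloaded.

```powershell
# Added example, not part of the DigiCert documentation.
# Test-SystemScriptSignature is a hypothetical helper name.
function Test-SystemScriptSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        # Thumbprint of the code signing certificate you expect to see.
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    $sig = Get-AuthenticodeSignature -FilePath $FilePath

    # Status is Valid only when the file hash matches the signature and the
    # signer certificate chains to a root trusted on this machine.
    # Other values include NotSigned, HashMismatch and NotTrusted.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "${FilePath}: signature status is $($sig.Status). $($sig.StatusMessage)"
        return $false
    }

    # Normalize the expected value (thumbprints copied from certificate
    # dialogs often contain spaces), then pin the signer.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $actual   = $sig.SignerCertificate.Thumbprint
    if ($actual -ne $expected) {
        Write-Warning "${FilePath}: signed by $actual ($($sig.SignerCertificate.Subject)), expected $expected"
        return $false
    }

    # Without a timestamp countersignature, the signature stops verifying
    # once the signing certificate expires.
    if ($null -eq $sig.TimeStamperCertificate) {
        Write-Warning "${FilePath}: no timestamp; signer certificate expires $($sig.SignerCertificate.NotAfter)"
    }

    return $true
}

# Usage, with the thumbprint shown in the sample output on this page:
# Test-SystemScriptSignature -FilePath .\Outlook.ps1 `
#     -ExpectedThumbprint 'D05A55D54AAA0653D148B231141AC268C416E1D4'
```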

Code signing certificate and CA chain

Use the following links to download the PEM-encoded code signing, intermediate CA, and root CA certificates used to sign the system scripts: