System scripts
DigiCert provides and manages a few post-processing scripts, referred to as system scripts. The system post-processing scripts are signed so that you can verify their authenticity and integrity, which safeguards against unauthorized or malicious changes.
In DigiCert® Trust Lifecycle Manager (TLM), all the system scripts are listed on the Discovery and automation tools > Scripts > System scripts page, where you can view them, download them, or use them for reference. All the system scripts that DigiCert manages are non-editable.
Warning
If using a third-party platform for device management, make sure the PowerShell execution policy on client computers is set to RemoteSigned to ensure proper operation of the Windows system post-scripts. Check the Microsoft PowerShell documentation for more details about execution policies.
DigiCert-managed system post-scripts
Script name | Script description | Supported certificate templates |
---|---|---|
Outlook.ps1* | Configure Outlook's security profile to use the certificate for signing and encrypting. | |
ADPublisher.ps1* | Publish the certificate to an Active Directory. | |
Adobe.ps1 | This script configures Adobe Acrobat Reader to use the Adobe individual certificate for document signing. | Adobe Individual in Organization (via CertCentral) |
*Script supports Windows platform.
Note
Certificate publication in the Active Directory is done via LDAP using a non-TLS connection on port 389. Currently, LDAP over SSL (LDAPS) is not supported.
Verify system script signature
Once a PowerShell (.ps1) system script is downloaded from DigiCert® Trust Lifecycle Manager (TLM), you can verify the script signature manually by running the following PowerShell command:
PS> Get-AuthenticodeSignature -FilePath <path-to-script-file>
For example, a valid signature on Outlook.ps1 looks like:
PS> Get-AuthenticodeSignature -FilePath .\Outlook.ps1
SignerCertificate                          Status   Path
-----------------------------------------------------------------------------
D05A55D54AAA0653D148B231141AC268C416E1D4   Valid    Outlook.ps1
Note
The signature verification step is optional and can be skipped.
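For teams that do run the check, the following added example (not DigiCert's own code) verifies every downloaded script in one pass and also pins the signer certificate, since a Valid status alone does not say who signed the file. The function name, the .\SystemScripts folder, and the use of the thumbprint from the sample output above as the expected signer are assumptions; confirm the thumbprint against the code signing certificate you download from DigiCert.

```powershell
# Added example: checks downloaded system scripts before they are deployed.
# Assumption: the default $ExpectedThumbprint is the signer thumbprint shown in
# the sample output on this page; confirm it against the downloaded code
# signing certificate, because it changes when the certificate is renewed.
function Test-SystemScriptSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Path,
        [string]$ExpectedThumbprint = 'D05A55D54AAA0653D148B231141AC268C416E1D4'
    )

    foreach ($file in $Path) {
        $sig = Get-AuthenticodeSignature -FilePath $file

        # Only Valid passes. NotSigned, HashMismatch (file changed after
        # signing) and NotTrusted (chain not trusted locally) all fail.
        $statusOk = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

        # Valid means the signature verifies and chains to a locally trusted
        # root; comparing the thumbprint ties it to the expected signer.
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        $signerOk = $signer -eq $ExpectedThumbprint

        [pscustomobject]@{
            Path          = $sig.Path
            Status        = $sig.Status
            StatusMessage = $sig.StatusMessage
            Signer        = $signer
            Trusted       = ($statusOk -and $signerOk)
        }
    }
}

# Hypothetical download folder; adjust to where the scripts were saved.
$scripts = (Get-ChildItem -Path .\SystemScripts -Filter *.ps1).FullName
$results = Test-SystemScriptSignature -Path $scripts
$results | Format-Table Path, Status, Signer, Trusted -AutoSize

# Stop the deployment step if any script failed either check.
if ($results.Trusted -contains $false) {
    throw 'One or more system scripts failed signature verification.'
}
```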
Code signing certificate and CA chain
Use the following links to download the PEM-encoded code signing, intermediate CA, and root CA certificates used to sign the system scripts: