We've set up a Nuget style package repository for our locally produced tools at work. This is done via a file share. However, the module that I am attempting to update is throwing an error about the authenticode signature of the old version not matching the publisher of the new version.
The signing certificate is from our AD PKI system and is trusted and it does not change/has not changed in any way.
Obviously using
-SkipPublisherCheckis a viable workaround but that is not a long-term solution.I receive no errors or warnings on the initial installation of the package. Only when performing the update.
On the signing machine there are only 3 certificates and all three are in the LocalMachine store. They do not have the same subject (this is mentioned as a possible cause on some sites I found via Google)
Code
$cert = get-ChildItem Cert:\LocalMachine\My\5B3B66061B02EBF0986CF7969F36C6FB58060046
Set-AuthenticodeSignature "C:\Jenkins\workspace\Scripts - Master\MyModule_Src\dist\MyModule\MyModule.psm1" -Certificate $cert
#... Pester tests
Publish-Module -Name MyModule -Repository ORGPSGet -Verbose -force
Error Message
PackageManagement\Install-Package : Authenticode issuer 'System.Object[]' of the new module 'MyModule' with version
'4.0.4' is not matching with the authenticode issuer 'System.Object[]' of the previously-installed module 'MyModule'
with version '4.0.3'. If you still want to install or update, use -SkipPublisherCheck parameter.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:2089 char:20
+ ... $sid = PackageManagement\Install-Package @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Exc
eption
+ FullyQualifiedErrorId : AuthenticodeIssuerMismatch,Validate-ModuleAuthenticodeSignature,Microsoft.PowerShell.Packag
eManagement.Cmdlets.InstallPackage
