Command Summary

Install-Module -Name PSPKI

Install PKI PowerShell module

Get-Command -Module PKI

Verify PKI modules

cngtool EnumProvider

List available CNG providers

cngtool ProviderInfo

Display provider details

cngtool ListKeys

List keys stored in HSM

certreq -new request.inf request.req

Generate CSR and HSM key

certreq -accept codesign.crt

Install certificate

certutil -addstore my codesign.crt

Import certificate into store

certutil -store my

View certificate details

certutil -repairstore my <serial>

Repair certificate-key mapping

New-SelfSignedCertificate

Create self-signed certificate using HSM key

Export-Certificate

Export certificate to file

Get-ChildItem Cert:\LocalMachine\My

List certificates

signtool sign /fd sha256 /sm /a <file>

Sign executable

signtool verify /pa /v <file>

Verify signature

notepad %CS_CNG_CFG%

Open CNG configuration file

setx CS_CNG_CFG <path>

Set CNG config environment variable