Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Note: Make sure your Sophos Firewall time is correct to avoid potential Certificate Trust issues
Special Thanks to Raghuraman Rajan
Table of Contents
The script will install Certificates in trusted root on the local device automatically. This is to avoid the installation of SSL CA manually.
Kindly see below for reference for installing SSL CA:
Click Cert.zip to download.
- Certificate must be in the following format: .crt .cer and .pem
- The certificate directory must be the same as the script
- Set Script Policy to RemoteSigned
- PowerShell must be run in Administrator.
Set Script Policy to RemoteSigned
Doing this keeps the system safe by preventing unauthorized scripts from running
How to Set PowerShell Execution Policy to RemoteSigned
1. Via Setting App
Windows 11: Settings App > Privacy & Security > For developer
Windows 10: Settings App > Updated & Security > For developer
Change execution policy to allow local PowerShell script to run without signing. Require signing for remote scripts “under the PowerShell section.” Then click Apply
2.1 Launch PowerShell in elevated mode
2.2 Enter the following commands “Set-ExecutionPolicy RemoteSigned” as seen below.
For Reference: www.itechtics.com/.../
Running the Script
1. Extract the Cert.zip to desired location/directory and add the Certificates.
2. Run PowerShell in elevated mode.
Click the Start/Window button then type PowerShell, then Right click the PowerShell Icon and select Run as Administrator
3. Go to the Directory where the Script and Certificates are saved by doing the following command
cd < Path where the script is saved>
To verify you can use the command “dir”
4. To run the script. Kindly type .\Cert.ps1 then Press Enter
*If you encounter the following issue below.
*Running script is disabled on your system and needs to be enabled by your system/network administrator
Verifying if the script was installed
Go to Run from the Start menu then enter “certlm.msc “ and verify if the Certificate was installed
dir -Path ".\" -filter *.crt | Import-Certificate -CertStoreLocation cert:\localmachine\root
dir -Path ".\" -filter *.cer | Import-Certificate -CertStoreLocation cert:\localmachine\root
dir -Path ".\" -filter *.pem | Import-Certificate -CertStoreLocation cert:\localmachine\root
Added horizontal lines below disclaimer and end of RR
[edited by: Raphael Alganes at 9:33 AM (GMT -7) on 16 Oct 2023]