Prerequisites

• Write a descriptive title.
• Make sure you are able to repro it on the latest released version
• Search the existing issues.
• Refer to the FAQ.
• Refer to Differences between Windows PowerShell 5.1 and PowerShell.

Steps to reproduce

The Set-AuthenticodeSignature command allows the use of an http or https timestamp server, however, the internal function (CryptUIWizDigitalSign) it relies on does not support https timestamp server.
An internal function in cryptuiwizard!CryptUIWizDigitalSign (MSSIGN32!CHttpTran::Open) will return an Invalid Parameter error if the URL doesn’t start with http. This makes any https URL fail.
If you run Set-AuthenticodeSignature with an https timestamp server, the returned status is The parameter is incorrect

Reproduction steps:

$cert = New-SelfSignedCertificate -KeyUsage DigitalSignature -KeySpec Signature -KeyAlgorithm RSA -KeyLength 2048 -DNSName “www.yourdomain.com” -CertStoreLocation Cert:\CurrentUser\My -Type CodeSigningCert -Subject "CodeSign1"

$SignatureParams2 = @{
FilePath = "test.ps1"
Certificate = $cert
IncludeChain = "All"
TimestampServer = "https://frc3161.ai.moda/microsoft"
}
Set-AuthenticodeSignature @SignatureParams2

Expected behavior

Set-AuthenticodeSignature should not allow an https timestamp server.

Actual behavior

Set-AuthenticodeSignature is allowing an https timestamp server and the command fails when calling the internal function CryptUIWizDigitalSign (part of Windows API cryptUI.dll).

Error details

$cert = New-SelfSignedCertificate -KeyUsage DigitalSignature -KeySpec Signature -KeyAlgorithm RSA -KeyLength 2048 -DNSName “www.yourdomain.com” -CertStoreLocation Cert:\CurrentUser\My -Type CodeSigningCert -Subject "CodeSign1"

$SignatureParams2 = @{
FilePath = "test.ps1"
Certificate = $cert
IncludeChain = "All"
TimestampServer = "https://timestamp.fabrikam.com/scripts/timstamper.dll"
}
Set-AuthenticodeSignature @SignatureParams2

Output:

    Directory: C:\Works\Cases\2501280040015507_PowerShellCrash

SignerCertificate                         Status                 StatusMessage          Path
-----------------                         ------                 -------------          ----
                                          UnknownError           The parameter is inco… test.ps1

Environment data

Name                           Value
----                           -----
PSVersion                      7.5.0
PSEdition                      Core
GitCommitId                    7.5.0
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Visuals

The following PR needs to be rolled back:
#16134