About the Patch My PC Code-Signing Certificate

Details about the Patch My PC Cloud Code-Signing certificate and how to deploy it.

Patch My PC (PMPC) signs Win32 app scripts with a code-signing certificate from a public Certificate Authority (CA). For these scripts to run correctly under an AllSigned execution policy, the public key of the code-signing certificate must be present in the Trusted Publishers certificate store on all relevant computers.

If this public key is not in the store, any scripts signed with the certificate will fail the validation process and PowerShell will not execute them. The following is an example of what the AgentExecutor.log will show if a script cannot be executed because the system doesn’t trust it.

In addition, the computer must trust the certificate chain for the code-signing certificate, which is generally the case with certificates issued by public CAs. By importing the code-signing certificate's public key into the Trusted Publishers store, you ensure PowerShell can successfully verify and run the signed scripts.

Deploying our certificate from Intune

You have two ways to deploy our certificate from Intune:


If you prefer to deploy our certificate using a method not described here, you can download it from: https://patchmypc.com/codesign

Last updated