Powershell doesn't seem to work. (not digitally signed)

[KevinBurton]

I am trying to use the new PowerShell commands and I am failing at the first part of the instructions:

PS C:\Program Files\Neo4j CE 2.3.1\bin> Set-ExecutionPolicy remotesigned

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution
policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y

PS C:\Program Files\Neo4j CE 2.3.1\bin> Import-Module .\Neo4j-Management.psd1
Import-Module : File C:\Program Files\Neo4j CE 2.3.1\bin\Neo4j-Management\Neo4j-Management.psm1 cannot be loaded. The file C:\Program Files\Neo4j CE 2.3.1\bin\Neo4j-Management\Neo4j-Management.psm1 is not digitally signed. The script will
 not execute on the system. Please see "get-help about_signing" for more details..
At line:1 char:14
+ Import-Module <<<<  .\Neo4j-Management.psd1
    + CategoryInfo          : NotSpecified: (:) [Import-Module], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException,Microsoft.PowerShell.Commands.ImportModuleCommand

[spacecowboy]

Thanks for the report @KevinBurton .

There appears to be an issue with the signing of the script which should be fixed on our end.

But meanwhile, does it work if you set

Set-ExecutionPolicy Unrestricted

instead? That should disable signature verification.

[drew-moore]

@spacecowboy I can't speak for @KevinBurton, but I'm in the same boat and it does work with ExecutionPolicy set to Unrestricted.

It's quite obnoxious though, not to mention the enormous security hole you're asking us to open up should we forget to change the policy back

[spacecowboy]

@drew-moore Yes absolutely. I certainly don't recommend you leave it like this. It should be fixed on our end. Thanks for trying it though!

[spacecowboy]

@KevinBurton @drew-moore As a slightly more secure workaround until we get around to signing the scripts properly on our end, you can sign the neo4j scripts using your own certificate. A reasonable guide I found is:
http://www.hanselman.com/blog/SigningPowerShellScripts.aspx

[sheymann]

Hello, any news on the issue?

[spacecowboy]

We are in the midst of re-writing our PowerShell scripts. Once that is done, we should have them signed as well.

[drew-moore]

@spacecowboy glad to hear it, I haven't been thrilled with the ergonomics of the current ones, signing issues aside.

[vijaybajwa]

Not being windows shell poweruser, it took me some time to figure out where to type: "Set-executionpolicy Unrestricted". After I figured it out, I am not sure if the policy change affects the registry or just the current shell. In any case, my Local Machine policy seems to be overriding, so that route does not work. I then tried to create my own certificate, using the provided link. That was another odyssey. The makecert.exe was in a different place altogether. After finding it, I tried to create a certificate as described, but it failed. I tried another link, and I was able to create my own certificate, but it seems you still have to change the policy to "AllSigned" or something. That again does not work as my Local Machine policy seems to be overriding. Really, I can't care less about the security issue, my goal is just to start the server.... Can you please advise? Thanks!

[EvanKnowles]

Is there a target release for this one? I can't change my execution policy, so I'll give self-signing it a try but it's not really an option for a team to do.

[aamanlamba]

We are facing this with version 3.2.3 and up - is there a plan to fix this?

[Seddryck]

When trying to install neo4j on CI builds, it'd be really easier if these scripts were signed. Will you consider to get this back?

[EvanKnowles]

Still running into this one.