Exporting, importing, and publishing certificates

At this point, you should be able to create certificates and sign scripts with them. However, the underlying PKI infrastructure will not trust a certificate unless its issuer is a trusted authority. Public CAs are already included in the Trusted Root Certification Authorities store, as are private CAs in an Active Directory environment. For your own CA, you first need to export its certificate:

$exportType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert

$rawCert = $caCert.Export($exportType)

[System.IO.File]::WriteAllBytes('c:\temp\ca.cer', $rawCert)

In the preceding sample, we use the Cert content type to export only the public part of the certificate, which is all the PKI needs in order to trust it. The X509ContentType enumeration has several values for different scenarios. Most likely, you will use the Pfx value (a .pfx file) when the private key has to be moved to another system.

Alternatively, the Export-Certificate and Export-PfxCertificate commands can accomplish the same task:

$caCert = Get-ChildItem -Path Cert:\CurrentUser\My\2A0290A44F5052EB5E4F26C55858324B4870EFD6

$password = ConvertTo-SecureString -String "password here" -Force -AsPlainText

$caCert | Export-Certificate -FilePath C:\myCa.cer #public key

$caCert | Export-PfxCertificate -FilePath C:\myCapfx.pfx -Password $password

Private keys should be kept safe and are only for internal use. Consumers should have access only to the public key of your certificates.

Now let's import the public key of the CA to the store so that the certificate and any certificates issued by it will be trusted through the Import-Certificate command:

Import-Certificate -FilePath 'c:\myCa.cer' -CertStoreLocation 'Cert:\CurrentUser\Root'

Upon running this command, you will be asked whether you actually want to trust the certificate. Since it is self-signed, there is no higher authority that can vouch for it.

Once imported, you should be able to see the certificate in the Trusted Root Certification Authorities store. Going forward, the certificate and any certificates issued by it will be trusted as long as the certificate is valid.
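The following script is an added example, not code from the book: it creates a throwaway self-signed lab CA, exports the public .cer and the private .pfx side by side, shows that only the .pfx carries a private key, and builds the certificate chain before and after importing the .cer into Trusted Root, so you can see the trust decision change. It assumes the PKI module (Windows 10 / Server 2016 or later); the subject name, paths and password are made up for the demo.

```powershell
# Added example (not from the book). Names, paths and the password are
# assumptions for the demo; requires the PKI module (Win10 / Server 2016+).
$ErrorActionPreference = 'Stop'
$X509 = 'System.Security.Cryptography.X509Certificates'

# Self-signed lab CA; basic constraints ca=true so it can issue certificates
$caCert = New-SelfSignedCertificate -Subject 'CN=Lab CA (demo)' `
    -CertStoreLocation 'Cert:\CurrentUser\My' -KeyExportPolicy Exportable `
    -KeyUsage CertSign, CRLSign, DigitalSignature -NotAfter (Get-Date).AddDays(7) `
    -TextExtension @('2.5.29.19={critical}{text}ca=true&pathlength=0')

$dir = Join-Path $env:TEMP 'pki-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$cerPath = Join-Path $dir 'lab-ca.cer'   # public key only: safe to distribute
$pfxPath = Join-Path $dir 'lab-ca.pfx'   # holds the private key: internal use only

$caCert | Export-Certificate -FilePath $cerPath | Out-Null
$pfxPwd = ConvertTo-SecureString -String 'demo-only-password' -Force -AsPlainText
$caCert | Export-PfxCertificate -FilePath $pfxPath -Password $pfxPwd | Out-Null

# Reload both files and compare: the .cer has no private key, the .pfx does
$fromCer = New-Object "$X509.X509Certificate2" -ArgumentList $cerPath
$fromPfx = New-Object "$X509.X509Certificate2" -ArgumentList $pfxPath, $pfxPwd
"CER HasPrivateKey: $($fromCer.HasPrivateKey)  PFX HasPrivateKey: $($fromPfx.HasPrivateKey)"

function Test-ChainTrust([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # Build the chain the way signature validation does; a lab CA publishes no CRL
    $chain = New-Object "$X509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $ok = $chain.Build($Cert)
    [pscustomobject]@{ Trusted = $ok; Status = ($chain.ChainStatus.Status -join ', ') }
}

'Before import (self-signed root not yet in Trusted Root):'
Test-ChainTrust $fromCer
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\CurrentUser\Root' | Out-Null
'After import:'
Test-ChainTrust $fromCer

# Cleanup so the demo root does not stay trusted on this machine
Get-ChildItem 'Cert:\CurrentUser\Root', 'Cert:\CurrentUser\My' |
    Where-Object Thumbprint -eq $caCert.Thumbprint | Remove-Item
Remove-Item $pfxPath   # do not leave an exported private key on disk
```

Importing into Cert:\CurrentUser\Root affects only the current user; trusting the CA for every account and service on the machine means Cert:\LocalMachine\Root, which needs an elevated session.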
