find a certificat

This topic contains 8 replies, has 6 voices, and was last updated by  Brad 2 weeks, 1 day ago.

  • Author
    Posts
  • #80707

    cosmic
    Participant

    How kan I find a certificate in server with Powershell script?

  • #80710

    Jim Corbin
    Participant
  • #80773

    random commandline
    Participant

    Certificates can be found in the cert drive.

    Get-ChildItem Cert:\ -Recurse
  • #80801

    cosmic
    Participant

    I want the command to return a certificate name. (Issued to)

  • #80830

    postanote
    Participant

    cosmic,

    You can only get back what is available.

    if you take a look at the all the available properties, a property name titled 'IssueTo' is not an option.
    The UI in Windows Sever is using another method to display that portion.

    (gci Cert:\LocalMachine\My | Select -Property *) | Get-Member | Select Name

    Even getting at the hidden properties, does not show an IssuedTo property

    (gci Cert:\LocalMachine\My | Select -Property *) | Get-Member -Force | Select Name

    Yet, as a point of note: by default, the string shown in the 'Issued To' message in the ADCS cert UI is the 'Subject' name of the cert

    However, I also want to point out, if you really need this or just want to do this you need to go about it another way. Meaning calculate it yourself.

    For example:
    The below is using a call to the X509 methods directly. See the details here:
    'msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.getnameinfo.aspx'

    Get-ChildItem cert:\LocalMachine\My |
    Format-Table Subject, @{ Label = 'IssuedTo'; Expression = { $_.GetNameInfo( 'SimpleName', $false ) } },
    @{ Label = 'IssuedBy' ;Expression = { $_.GetNameInfo( 'SimpleName', $true ) } }

  • #80833

    cosmic
    Participant

    There is a certificate called Novaboard! How can I look for this certificate on a server?

  • #80921

    Rick
    Participant

    Try this:

    get-childitem cert: -recurse | ? {$_.FriendlyName -match "Novaboard"} | fl *
    
  • #80932

    postanote
    Participant

    If PowerShell Remoteing (WSMan and or DCOM)...

    'technet.microsoft.com/en-us/library/ff700227.aspx'
    'docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-5.1'
    'technet.microsoft.com/en-us/library/gg981683.aspx'

    ... you can just use the Invoke-Command cmdlet to point to that computer and run whatever code you wish...

    Example:
    Invoke-Command -ComputerName 'put you computer name here' -ScriptBlock { (Get-ChildItem -Path Cert:\LocalMachine -Recurse) -match 'your certificate name / subject'}

    ... well as long as you have admin rights on the server and you need admin rights for PowerShell Remoteing to function.

  • #81116

    Brad
    Participant

    Hi,
    i try to get expired cert, but i get different result and its not what i need

    Invoke-Command -ComputerName Comp123 -ScriptBlock {
        Get-ChildItem Cert:\ -Recurse | Format-Table Subject, @{ Label = 'IssuedTo'; Expression = { $_.GetNameInfo( 'SimpleName', $false ) } },
    @{ Label = 'IssuedBy' ;Expression = { $_.GetNameInfo( 'SimpleName', $true ) }
    }}

    and

    $comp = Get-ChildItem cert:\LocalMachine\My |
    Format-Table Subject, @{ Label = 'IssuedTo'; Expression = { $_.GetNameInfo( 'SimpleName', $false ) } },
    @{ Label = 'IssuedBy' ;Expression = { $_.GetNameInfo( 'SimpleName', $true )}}
    
    $comp

    Please, help
    Thanks

You must be logged in to reply to this topic.