
December 18, 2017 at 4:33 pm

Hi all,

I have a reasonably straightforward script which provides me with various certificate items, based on using the 'Get-ChildItem -Recurse' cmdlet within a scriptblock from a list of servers. This has been working fine for my needs until recently, when I was asked to provide the hash algorithm of these certificates, i.e. SHA1, SHA2 etc.

I have looked into the SignatureAlgorithm.FriendlyName object to return this but unfortunately it does not seem to work 🙁

Even from a server if I change to the Certificate provider and attempt to get the algorithm info as below here is what I receive:

PS Cert:\LocalMachine> gci -Recurse | Select -Property SignatureAlgorithm

SignatureAlgorithm
------------------
System.Security.Cryptography.Oid

I have truncated the results but obviously there is no hash value being displayed 🙁

Also, if I use the following 'signature.algorithm.friendlyname' then no results get displayed at all?

PS Cert:\LocalMachine> gci -Recurse | Select -Property SignatureAlgorithm.friendlyname

SignatureAlgorithm.friendlyname
-------------------------------

Please help?

Many thanks in advance.

December 18, 2017 at 4:54 pm

$CertList = Get-ChildItem -Path Cert:\LocalMachine -Recurse | ? { $_.SignatureAlgorithm } 
$CertList | select @{n='Algorithm';e={$_.SignatureAlgorithm.FriendlyName}},Subject

December 19, 2017 at 4:50 pm

Thanks for your help guys,
Sam, I used the second line of your suggested code, which provided the signature algorithm value per certificate, in conjunction with my other values per certificate per server, adding it into my overall exported CSV file.
However, do you know of any documentation which fully explains the syntax for this, to help me fully understand?

Many thanks for your help guys.

December 19, 2017 at 5:30 pm

Hi Sam,

Very good script.
How can I find certificates that will expire next month?

Thanks
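
An added example, not code from any poster in this thread: it spells out the calculated-property syntax used in the answer above and extends it to report the signature hash and the certificates that expire soon. The 30-day window, the column names, the weak-hash pattern and the CSV path are assumptions made for illustration.

```powershell
# Added example. Assumptions: run locally in Windows PowerShell; the 30-day
# window, the column names and the CSV path are illustrative choices.
$now    = Get-Date
$cutoff = $now.AddDays(30)

# Select-Object -Property expects property names, so the literal name
# 'SignatureAlgorithm.FriendlyName' matches no property and the column is empty.
# A calculated property is a hashtable: Name (n) is the column header and
# Expression (e) is a script block evaluated per object, with $_ set to it.
# -Recurse also returns the store containers, so keep only certificate objects.
$report = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Select-Object -Property @(
        @{ Name = 'Store';        Expression = { ($_.PSParentPath -split '\\')[-1] } }
        'Subject'
        'Thumbprint'
        @{ Name = 'Algorithm';    Expression = { $_.SignatureAlgorithm.FriendlyName } }
        # The OID value is still present when FriendlyName is empty.
        @{ Name = 'AlgorithmOid'; Expression = { $_.SignatureAlgorithm.Value } }
        # Assumed pattern: Windows friendly names such as sha1RSA or md5RSA.
        @{ Name = 'WeakHash';     Expression = { $_.SignatureAlgorithm.FriendlyName -match 'sha1|md5' } }
        'NotAfter'
        @{ Name = 'DaysLeft';     Expression = { [math]::Floor(($_.NotAfter - $now).TotalDays) } }
        @{ Name = 'ExpiresSoon';  Expression = { $_.NotAfter -gt $now -and $_.NotAfter -le $cutoff } }
    )

# Certificates that are still valid but expire inside the window, soonest first.
$report | Where-Object { $_.ExpiresSoon } | Sort-Object -Property NotAfter |
    Format-Table -Property Store, Subject, Algorithm, NotAfter, DaysLeft -AutoSize

# Certificates signed with SHA-1 or MD5, candidates for reissue.
$report | Where-Object { $_.WeakHash } |
    Format-Table -Property Store, Subject, Algorithm, AlgorithmOid -AutoSize

# Same rows as a CSV, as in the original poster's workflow.
$report | Export-Csv -Path .\cert-report.csv -NoTypeInformation
```

Calculated properties are documented under the -Property parameter in `Get-Help Select-Object -Full`.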