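function Get-Cert {
    <#
    .SYNOPSIS
    Lists the certificates found in the configured certificate stores (and optionally in *.cer files on disk)
    and adds convenience properties to each returned object: Expiration, SubjectAlternateNames, Path, FileName.
    .DESCRIPTION
    By default the cert:\CurrentUser\My and cert:\LocalMachine\My stores are searched.

    Every filter value is applied with -match, so it is a regular expression and not a literal string.
    Escape metacharacters (for example with [regex]::Escape) when an exact match is required.

    Certificates loaded through -localFolders are only parsed. No chain is built and nothing is validated,
    so a file showing up in the output says nothing about whether that certificate is trusted.
    .PARAMETER filter
    A filter that gets applied across all relevant cert info: Thumbprint, Subject, SerialNumber and
    SubjectAlternateNames. A certificate is kept when any of them matches.
    .PARAMETER expiration
    A switch that will display the certs sorted by expiration. Equivalent to
    'lscert | sort expiration | ft expiration,thumbprint,subject'. The output is formatting data, not certificates.
    .PARAMETER thumbprint
    Filter used against the thumbprints
    .PARAMETER subject
    Filter used against the subjects
    .PARAMETER altName
    Filter used against the subject alternative names
    .PARAMETER serialNumber
    Filter used against the serial numbers
    .PARAMETER certDirectoryOverride
    An override for specific cert stores to search
    .PARAMETER localFolders
    Local folders containing *.cer files that will also be loaded. Searched recursively.
    .PARAMETER privateKey
    Keeps only the certs that have an associated private key
    .EXAMPLE
    Find a cert matching a generic filter
    Get-Cert microsoft
    .EXAMPLE
    Find all installed certs and all certs in a directory matching the filter and then output their path
    Get-Cert contoso -localFolders C:\my\local\certs\ | ft path
    .EXAMPLE
    Find a cert matching a specific thumbprint
    Get-Cert -thumbprint 1342
    .EXAMPLE
    Get all certs with private keys
    Get-Cert -privateKey
    #>
    param (
        [string]$filter,
        [string]$thumbprint,
        [string]$subject,
        [string]$altName,
        [string]$serialNumber,
        [switch]$expiration,
        [switch]$privateKey,
        [string[]]$certDirectoryOverride,
        [string[]]$localFolders
    )

    $certDirectories = 'cert:\CurrentUser\My', 'cert:\LocalMachine\My'

    # Set the cert stores to list from.
    $certStores = $certDirectories
    if ($certDirectoryOverride) {
        $certStores = $certDirectoryOverride
    }

    # Get all certs from the stores.
    $items = @(foreach ($store in $certStores) { Get-ChildItem -Path $store })

    if ($localFolders) {
        foreach ($folder in $localFolders) {
            # '*.cer' rather than '*cer': only files with the .cer extension, as documented.
            foreach ($certFile in (Get-ChildItem -Path $folder -Include '*.cer' -Recurse)) {
                try {
                    # Pass the full path explicitly instead of relying on how a FileInfo is converted to a string.
                    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certFile.FullName
                }
                catch {
                    # A file that does not parse as a certificate must not abort the whole listing.
                    Write-Warning "Skipping '$($certFile.FullName)': $($_.Exception.Message)"
                    continue
                }
                Add-Member -InputObject $cert -MemberType NoteProperty -Name PSParentPath -Value $certFile.DirectoryName -ErrorAction SilentlyContinue
                Add-Member -InputObject $cert -MemberType NoteProperty -Name Path -Value $certFile.FullName
                # The original read an undefined $fileName here, which left FileName empty for every file-based cert.
                Add-Member -InputObject $cert -MemberType NoteProperty -Name FileName -Value $certFile.Name
                $items += $cert
            }
        }
    }

    # Add the handy properties. SilentlyContinue is deliberate: file-based certs already carry
    # Path and FileName, and Add-Member reports an existing member as a non-terminating error.
    foreach ($item in $items) {
        # NotAfter is already a DateTime; parsing GetExpirationDateString() depends on the current culture.
        Add-Member -InputObject $item -MemberType ScriptProperty -Name Expiration -Value { $this.NotAfter } -ErrorAction SilentlyContinue
        Add-Member -InputObject $item -MemberType AliasProperty -Name Path -Value PSPath -ErrorAction SilentlyContinue
        Add-Member -InputObject $item -MemberType AliasProperty -Name FileName -Value PSPath -ErrorAction SilentlyContinue
        Add-Member -InputObject $item -MemberType ScriptProperty -Name SubjectAlternateNames -ErrorAction SilentlyContinue -Value {
            # 2.5.29.17 is the subjectAltName OID; the friendly name is localized and cannot be relied on.
            $sanExtension = $this.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            if ($sanExtension) {
                return $sanExtension.Format($true).Replace("`r`n", ', ').Replace('DNS Name=', '')
            }
        }
        foreach ($aliasName in 'AlternateNames', 'AlternativeNames', 'SubjectAlternativeNames', 'SubjectAltNames', 'AltNames') {
            Add-Member -InputObject $item -MemberType AliasProperty -Name $aliasName -Value SubjectAlternateNames -ErrorAction SilentlyContinue
        }
    }

    # Filter all the certs. A [string] parameter is never $null, so test for a non-empty value instead.
    if ($filter) {
        $items = $items | Where-Object {
            ($_.Thumbprint -match $filter) -or
            ($_.Subject -match $filter) -or
            ($_.SerialNumber -match $filter) -or
            ($_.SubjectAlternateNames -match $filter)
        }
    }
    if ($thumbprint) {
        $items = $items | Where-Object { $_.Thumbprint -match $thumbprint }
    }
    if ($subject) {
        $items = $items | Where-Object { $_.Subject -match $subject }
    }
    if ($altName) {
        $items = $items | Where-Object { $_.SubjectAlternateNames -match $altName }
    }
    if ($serialNumber) {
        $items = $items | Where-Object { $_.SerialNumber -match $serialNumber }
    }
    if ($privateKey) {
        # HasPrivateKey reports the association without opening the key. Reading .PrivateKey
        # instantiates the key object and can throw when the key is not accessible to the caller.
        $items = $items | Where-Object { $_.HasPrivateKey }
    }

    if ($expiration) {
        return $items | Sort-Object Expiration | Format-Table Expiration, Thumbprint, Subject
    }
    return $items
}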
# Short names for Get-Cert. SilentlyContinue keeps a re-run of this script quiet
# when the aliases already exist in the session.
foreach ($shortName in 'lscert', 'dircert') {
    New-Alias -Name $shortName -Value Get-Cert -ErrorAction SilentlyContinue
}