Check certificate chain with PowerShell

I am trying to write a script that checks the certificate chain in PowerShell (that all the certificates in the chain have not expired) and finds a certificate that is closest to the expiration. I use the following script to find the issuer certificate:

Get-ChildItem -Recurse -Path Cert: | Where-Object {$_.Subject -eq $Certificate.Issuer}

For some reason, for some certificates, I get more than one certificate with different Thumbprints that have the same issuer name, and I expected this to be only one.

Is there any other property of the certificate that uniquely identifies the issuer certificate? Maybe there is some other approach for checking the certificate chain?

+6
2 answers

Check out Test-Certificate: http://poshcode.org/1633

Validates the specified certificate for certificate chain and revocation

The Test-Certificate cmdlet is included in 4.0
http://technet.microsoft.com/en-us/library/hh848639.aspx

I ran this on my localhost, just checking it out,

Get-childitem cert: -recurse | %{ write-host $_ ; Test-Certificate -cert $_ } 

This gives a good error when a certificate in the chain has expired.

WARNING: Chain status: CERT_TRUST_IS_NOT_TIME_VALID
Test-Certificate : A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

+4

I needed to inventory all private key certificates for expiration dates. The sample code below is tested under PowerShell 3.0. The Try/Catch structure allows you to suppress hideous red text errors from certificates that do not have private keys.

Set-Strictmode -Version Latest
$arrCerts = Get-Childitem CERT:\ -Recurse
foreach ($objItem in $arrCerts) {
    Try { $blnFound = ($objItem.HasPrivateKey -eq $True) }
    Catch { $blnFound = $False }
    if ($blnFound) {
        $arrSplit = $objItem.PSParentPath -split "::"
        write-host 'Path '$arrSplit[1]
        write-host 'Subject '$objItem.SubjectName.Name
        write-host 'Expires '$objItem.NotAfter
        write-host 'Private Key '$objItem.HasPrivateKey
        write-host
    }
}
+1
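
Added example, not part of the question or of either answer above: instead of matching the issuer on its Subject string, this lets the Windows chain engine (.NET `X509Chain`) select the issuer for each link, then reports every element's expiry and the one that expires first. The function name `Get-ChainExpiry` and the `Cert:\LocalMachine\My` store used in the usage lines are assumptions chosen for illustration.

```powershell
# Added example (hypothetical helper name): build the chain for one certificate
# and report which element of that chain expires first.
function Get-ChainExpiry {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip CRL/OCSP lookups: this check is about validity dates, and it must run offline.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    try {
        # Build() returns $false for an expired or untrusted chain but still
        # fills ChainElements, so every link can be reported either way.
        $valid = $chain.Build($Certificate)
        $now   = Get-Date
        $elements = foreach ($e in $chain.ChainElements) {
            [pscustomobject]@{
                Subject    = $e.Certificate.Subject
                Thumbprint = $e.Certificate.Thumbprint
                NotAfter   = $e.Certificate.NotAfter
                DaysLeft   = [math]::Floor(($e.Certificate.NotAfter - $now).TotalDays)
                Status     = ($e.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
            }
        }
        [pscustomobject]@{
            Subject       = $Certificate.Subject
            ChainValid    = $valid
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            FirstToExpire = $elements | Sort-Object NotAfter | Select-Object -First 1
            Elements      = @($elements)
        }
    }
    finally {
        $chain.Reset()   # release the chain's native resources
    }
}

# Usage (store path is an assumption): one row per certificate, showing the
# chain element closest to expiration and the overall chain status.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $r = Get-ChainExpiry -Certificate $_
    [pscustomobject]@{
        Certificate  = $r.Subject
        ChainValid   = $r.ChainValid
        ChainStatus  = $r.ChainStatus
        ExpiresFirst = $r.FirstToExpire.Subject
        NotAfter     = $r.FirstToExpire.NotAfter
        DaysLeft     = $r.FirstToExpire.DaysLeft
    }
} | Sort-Object DaysLeft | Format-Table -AutoSize
```

A negative `DaysLeft` marks an element that has already expired; in that case `ChainStatus` includes `NotTimeValid`, the same condition Test-Certificate reports as CERT_TRUST_IS_NOT_TIME_VALID.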

Source: https://habr.com/ru/post/958799/

