PowerShell Get Certificate

When you install certificates on a machine, the Windows Event Viewer may log a message like the following:

Certificate for local system with Thumbprint b5 17 7b 94 55 09 ef 39 bd 4e e5 78 61 f5 fc 12 06 56 e4 b7 is about to expire or already expired.

The message is self-explanatory and you have probably seen it before, but it tells us little about which certificate has expired. An easy way to find out is to have PowerShell get the certificate thumbprint for us and “map” it to the certificate name.

To have PowerShell get the certificate thumbprint for us, we will take advantage of PowerShell drives. The following command shows all root certificates installed on the machine; I am using root certificates because this produces a more varied output:

# Get all root certificates installed on the machine

Get-ChildItem -Path Cert:\LocalMachine\Root

# Output of installed certificates

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root

Thumbprint                                Subject
----------                                -------
F9AE40CCBBDA4795E58AC5D203BFB7BD331B81E8  CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US
CDD4EEAE6000AC7F40C3802C171E30148030C072  CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com
C9AB582BF062FF9D702C7666CA2B9AC49552628B  CN=Symantec Root 2005 CA, O=Symantec Corporation, C=US
BE36A4562FB2EE05DBB3D32323ADF445084ED656  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durba
A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
A43489159A520F0D93D032CCAF37E7FE20A8B419  CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (
7F88CD7223F3C813818C994614A89C99FA3B5247  CN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US
74CDD21C2F1D104F8940DFFE7E6F035756E2F5D0  CN=Symantec Root CA, O=Symantec Corporation
245C97DF7514E7CF2DF8BE72AE957B9E04741E85  OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Ser
18F7C1FCC3090203FD5BAA2F861A754976C8DD25  OU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time St
D4DE20D05E66FC53FE1A50882C78DB2852CAE474  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
D23209AD23D314232174E40D7F9D62139786633A  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
97817950D81C9670CC34D809CF794431367EF474  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O
742C3192E607E424EB4549542BE1BBC53E6174E2  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc."
503006091D97D4F5AE39F7CBE7927D7D652D3431  CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.ne
4F65566336DB6598581D584A596C87934D5F2AB4  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc."
4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="

To have PowerShell get the certificate with the specific thumbprint we’re after, use:

# Get certificate with specific thumbprint

Get-ChildItem -Path Cert:\LocalMachine\root | where {$_.thumbprint -eq "F9AE40CCBBDA4795E58AC5D203BFB7BD331B81E8"}

# Output

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\root

Thumbprint                                Subject
----------                                -------
F9AE40CCBBDA4795E58AC5D203BFB7BD331B81E8  CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US

If you have defined a friendly name for your certificate, you can refine the output even further with the following command:

# Get subject and friendly name of the certificate with a specific thumbprint

Get-ChildItem -Path Cert:\LocalMachine\root | where {$_.thumbprint -eq "F9AE40CCBBDA4795E58AC5D203BFB7BD331B81E8"} | select Subject, FriendlyName
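The event message prints the thumbprint in lowercase with spaces and does not say which store holds the certificate, so the commands above need the value cleaned up and the right store guessed first. The following is an added example, not code from the original post: `Find-CertificateByThumbprint` is a hypothetical helper name, and it goes beyond the root store by searching every store under `Cert:\LocalMachine`.

```powershell
# Added example (not from the original post).
# Find-CertificateByThumbprint is a hypothetical helper name.
function Find-CertificateByThumbprint {
    [CmdletBinding()]
    param(
        # Thumbprint in any common form, e.g. "b5 17 7b ..." as logged by Windows
        [Parameter(Mandatory)]
        [string]$Thumbprint,

        # Store location to search; every store below it is checked
        [string]$Location = 'Cert:\LocalMachine'
    )

    # Drop spaces, colons and invisible copy/paste characters, then upper-case
    $normalized = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($normalized.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($normalized.Length)."
    }

    Get-ChildItem -Path $Location -Recurse |
        Where-Object {
            # -Recurse also returns the store containers; keep certificates only
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Thumbprint -eq $normalized
        } |
        Select-Object @{ n = 'Store'; e = { ($_.PSParentPath -split '::')[-1] } },
                      Subject, FriendlyName, NotAfter,
                      # Negative value means the certificate has already expired
                      @{ n = 'DaysLeft'; e = { [int]($_.NotAfter - (Get-Date)).TotalDays } }
}

# Thumbprint pasted exactly as it appears in the event message quoted above
Find-CertificateByThumbprint -Thumbprint 'b5 17 7b 94 55 09 ef 39 bd 4e e5 78 61 f5 fc 12 06 56 e4 b7'
```

The same certificate can be installed in more than one store, in which case one row is returned per store.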