
I have written this script to list the certificates installed on remote computers. The script first lists the computer accounts that match a specific OS type. Currently, the computer accounts in the Active Directory domain that have a “Server” operating system are stored in the variable $list.
Then, each computer is queried through WinRM (Invoke-Command cmdlet) to retrieve the certificates installed in the LocalMachine\Personal certificate store.
The retrieved attributes are the following:
- thumbprint
- CN
- Issuer
- Expiration date
- Cert Template name
All the information is finally stored in a variable called $array. The result can be exported to a CSV file with the following command:
$array | select * | ConvertTo-Csv -NoTypeInformation | Out-File c:\temp\cert_report.csv
The script:
Import-Module ActiveDirectory

# computer accounts whose operating system name contains "server"
$list = Get-ADComputer -Filter * -Properties OperatingSystem | ? { $_.OperatingSystem -match "server" }
$array = @()

$list | % {
    $hostname = $_.DNSHostName
    try {
        # -ErrorAction Stop turns a WinRM connection failure into a terminating error,
        # so the catch block below runs locally, where $hostname is defined
        $array += Invoke-Command -ComputerName $hostname -ErrorAction Stop {
            function get_InstalledCertificateInfo($loc) {
                # build an array with the certificate thumbprint, CN and the template used to generate the cert if available
                $array = gci Cert:\$loc |
                    # get thumbprint
                    select Thumbprint,
                        # extract the CN (only the CN value, even when the subject has other fields such as OU or O)
                        @{n="CN";e={ if ($_.Subject -match 'CN=([^,]+)') { $Matches[1] } }},
                        # issuer and expiration date
                        @{n="issuer";e={$_.Issuer}},
                        @{n="expire_on";e={$_.NotAfter}},
                        # get the cert Template Name (Template=TEMPLATE NAME(OID) )
                        @{n="IssuedfromTemplate";e={[regex]::match( ($_.extensions.Format(0) | ? { $_ -match "Template" } ).split(",")[0] , '^(Template\=)(\w.*)(\([0-9.]*(\)))$' ).Groups[2].value}}
                return $array
            }
            $certLocation = "LocalMachine\My"
            get_InstalledCertificateInfo $certLocation
        }
    }
    catch {
        Write-Host "`n-----------`nConfigure WinRM on :`n$hostname`n-----------`n" -ForegroundColor Magenta
    }
}
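A follow-up step for the report, as an added example that is not part of the original script: it filters the rows in $array for certificates that are already expired or that expire within a threshold. The function name Get-ExpiringCertificate, the 30-day default and the sample rows are assumptions made for the illustration.

```powershell
# Added example, not part of the original script. Sample rows are constructed.
function Get-ExpiringCertificate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Certificate,
        [int] $WarningDays = 30,            # assumed threshold
        [datetime] $Now = (Get-Date)
    )
    process {
        # expire_on is a [datetime] in $array but a string after a CSV round trip;
        # strings are parsed with the current culture (the one that wrote the file).
        $expiry = $Certificate.expire_on
        if ($expiry -isnot [datetime]) {
            $expiry = [datetime]::Parse($expiry, [cultureinfo]::CurrentCulture)
        }
        $daysLeft = [math]::Floor(($expiry - $Now).TotalDays)
        if ($daysLeft -le $WarningDays) {
            [pscustomobject]@{
                Computer   = $Certificate.PSComputerName   # added by Invoke-Command
                CN         = $Certificate.CN
                Thumbprint = $Certificate.Thumbprint
                Template   = $Certificate.IssuedfromTemplate
                ExpiresOn  = $expiry
                DaysLeft   = $daysLeft
                Status     = if ($daysLeft -lt 0) { 'Expired' } else { 'Expiring' }
            }
        }
    }
}

# Constructed rows shaped like the objects the script stores in $array
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ PSComputerName = 'srv01.example.test'; CN = 'srv01.example.test'
        Thumbprint = '0000000000000000000000000000000000000001'
        expire_on = [datetime]'2024-06-15'; IssuedfromTemplate = 'WebServer' }
    [pscustomobject]@{ PSComputerName = 'srv02.example.test'; CN = 'srv02.example.test'
        Thumbprint = '0000000000000000000000000000000000000002'
        expire_on = [datetime]'2024-05-20'; IssuedfromTemplate = '' }
    [pscustomobject]@{ PSComputerName = 'srv03.example.test'; CN = 'srv03.example.test'
        Thumbprint = '0000000000000000000000000000000000000003'
        expire_on = '2025-03-01 00:00:00'; IssuedfromTemplate = 'Machine' }   # string, as read from CSV
)

$sample | Get-ExpiringCertificate -Now $now | Sort-Object DaysLeft | Format-Table -AutoSize
```

After a real run, replace $sample with $array, or with the rows returned by Import-Csv on the exported report.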
