List installed certificate properties on remote computers

I have written this script to list the installed certificates on remote computers. The script first lists the computer accounts that match a specific OS type. Currently, the computer accounts in the Active Directory domain that have a “Server” operating system are stored in the variable $list.
Then, each computer account is queried through WinRM (Invoke-Command cmdlet) to retrieve the certificates installed in the LocalMachine\Personal certificate store (Cert:\LocalMachine\My).
The retrieved attributes are the following:

  • thumbprint
  • CN
  • Issuer
  • Expiration date
  • Cert Template name

All the information is finally stored in a variable called $array. The result can be exported to a CSV file with the following command:
$array | select * | convertto-csv | out-file c:\temp\cert_report.csv

The script:

import-module activedirectory
# computer accounts whose operating system name contains "server"
$list = Get-ADComputer -filter * -Properties operatingsystem |? {$_.operatingsystem -match "server"}
$array = @()

$list | % {
	$hostname = $_.DNSHostName
	try {
		# -ErrorAction Stop turns a failed WinRM connection into a terminating error,
		# so the catch block below runs locally, where $hostname is defined
		$array += invoke-command -ComputerName $hostname -ErrorAction Stop {
			function get_InstalledCertificateInfo($loc) {
				# build an array with the certificate thumbprint, CN and the template used to generate the cert if available
				$array = gci Cert:\$loc |
					# get thumbprint
					select Thumbprint ,
					# extract the CN (first CN=... component of the subject)
					@{n="CN";e={if ($_.Subject -match 'CN=([^,]+)') { $Matches[1] }}} ,
					# Issuer and expiration date
					@{n="issuer";e={$_.Issuer}} ,
					@{n="expire_on";e={$_.NotAfter}} ,
					# get the cert Template Name (Template=TEMPLATE NAME(OID) )
					@{n="IssuedfromTemplate";e={[regex]::match( ($_.extensions.Format(0) | ? { $_ -match "Template" } ).split(",")[0] , '^(Template\=)(\w.*)(\([0-9.]*(\)))$' ).Groups[2].value}}
				return $array
			}
			$certLocation = "LocalMachine\My"
			get_InstalledCertificateInfo $certLocation
		}
	}
	catch {
		# the remote query failed, most likely because WinRM is not configured or reachable
		write-host "`n-----------`nConfigure WinRM on :`n$hostname`n-----------`n" -ForegroundColor Magenta
	}
}
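
A common next step with the collected report is to flag certificates that have expired or are about to. The following is an added example, not part of the original script: the function name Get-CertExpiryStatus, its parameters and the sample rows are constructed for illustration, and it assumes each row carries the PSComputerName property that Invoke-Command attaches to returned objects.

```powershell
# Constructed sample rows shaped like the entries of $array (all values are made up).
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ PSComputerName = 'srv01.example.test'; Thumbprint = 'AA11'; CN = 'srv01.example.test'
                       issuer = 'CN=Example Issuing CA'; expire_on = [datetime]'2024-05-20'; IssuedfromTemplate = 'WebServer' }
    [pscustomobject]@{ PSComputerName = 'srv02.example.test'; Thumbprint = 'BB22'; CN = 'srv02.example.test'
                       issuer = 'CN=Example Issuing CA'; expire_on = [datetime]'2024-06-15'; IssuedfromTemplate = 'Machine' }
    # expire_on as text, as it would look after a CSV round trip; no template name available
    [pscustomobject]@{ PSComputerName = 'srv03.example.test'; Thumbprint = 'CC33'; CN = 'srv03.example.test'
                       issuer = 'CN=srv03.example.test'; expire_on = '2026-01-01'; IssuedfromTemplate = '' }
)

function Get-CertExpiryStatus {
    param(
        [Parameter(Mandatory)] [object[]] $Report,   # rows with the properties produced by the script
        [int] $WarnDays = 30,                        # warning window in days
        [datetime] $Now = (Get-Date)                 # reference date, injectable for repeatable runs
    )
    foreach ($row in $Report) {
        # The cast accepts a DateTime or a date string; string casts are parsed culture-invariantly.
        $notAfter = [datetime]$row.expire_on
        $daysLeft = [int][math]::Floor(($notAfter - $Now).TotalDays)
        $status = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }
        [pscustomobject]@{
            Computer   = $row.PSComputerName
            CN         = $row.CN
            Template   = $row.IssuedfromTemplate
            Thumbprint = $row.Thumbprint
            NotAfter   = $notAfter
            DaysLeft   = $daysLeft
            Status     = $status
        }
    }
}

# Show only the certificates that need attention, most urgent first.
Get-CertExpiryStatus -Report $sample -WarnDays 30 -Now $now |
    Where-Object Status -ne 'OK' |
    Sort-Object DaysLeft |
    Format-Table -AutoSize
```

To run it against real data, pass $array as -Report and omit -Now.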

