I have written this script to list the installed certificates on remote computers. The script first lists the computer accounts that match a specific OS type. Currently, the computer accounts in the Active Directory domain that have a “Server” operating system are stored in the variable $list.
Then, each computer account is queried through WinRM (the Invoke-Command cmdlet) to retrieve the certificates installed in the certificate store LocalMachine\Personal (Cert:\LocalMachine\My).
The retrieved attributes are the following:
- thumbprint
- CN
- Issuer
- Expiration date
- Cert Template name
All the information is finally stored in a variable called $array. The result can be exported to a CSV file with the following command:

```powershell
$array | select * | convertto-csv | out-file c:\temp\cert_report.csv
```
The script:
```powershell
Import-Module ActiveDirectory

# Computer accounts whose operating system name contains "server"
$list = Get-ADComputer -Filter * -Properties OperatingSystem |
    Where-Object { $_.OperatingSystem -match "server" }

$array = @()
$list | ForEach-Object {
    $hostname = $_.DNSHostName
    try {
        # The try/catch wraps Invoke-Command on the local side, and -ErrorAction Stop
        # makes a WinRM connection failure a terminating error that catch can see.
        $array += Invoke-Command -ComputerName $hostname -ErrorAction Stop -ScriptBlock {
            function get_InstalledCertificateInfo($loc) {
                # Build an array with, for each certificate:
                #   Thumbprint
                #   CN                  extracted from the subject
                #   issuer / expire_on  issuer and expiration date
                #   IssuedfromTemplate  template name, if available ("Template=TEMPLATE NAME(OID)")
                $array = Get-ChildItem "Cert:\$loc" |
                    Select-Object Thumbprint,
                        @{n="CN";e={($_.Subject).split("=")[1]}},
                        @{n="issuer";e={$_.Issuer}},
                        @{n="expire_on";e={$_.NotAfter}},
                        @{n="IssuedfromTemplate";e={[regex]::match(
                            ($_.extensions.Format(0) | ? { $_ -match "Template" }).split(",")[0],
                            '^(Template\=)(\w.*)(\([0-9.]*(\)))$'
                        ).Groups[2].value}}
                return $array
            }

            $certLocation = "LocalMachine\My"
            get_InstalledCertificateInfo $certLocation
        }
    }
    catch {
        Write-Host "`n-----------`nConfigure WinRM on :`n$hostname`n-----------`n" -ForegroundColor Magenta
    }
}
```
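The template lookup in the script matches the word "Template" in the formatted extension text. The following added example (not the original author's code) selects the template extension by its OID instead, covers both the v1 and v2 template extensions, and flags certificates that are close to expiry. The function names `Get-CertTemplateName` and `Get-CertExpiryReport` and the `WarnDays` parameter are hypothetical; the two OIDs are Microsoft's certificate template extension identifiers, and the report runs against the local machine store.

```powershell
# Added example: read the template name by extension OID and flag expiring certs.
$OidTemplateV2 = '1.3.6.1.4.1.311.21.7'   # Certificate Template Information (v2+ templates)
$OidTemplateV1 = '1.3.6.1.4.1.311.20.2'   # Certificate Template Name (v1 templates)

function Get-CertTemplateName {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $v2 = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $OidTemplateV2 }
    if ($v2) {
        # Formatted text looks like "Template=NAME(OID), Major Version Number=..."
        $first = $v2.Format($false).Split(',')[0]
        $value = $first.Substring($first.IndexOf('=') + 1)
        # Drop the trailing "(OID)"; if the name was not resolved only the OID remains
        return ($value -replace '\([0-9.]+\)$', '').Trim()
    }
    $v1 = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $OidTemplateV1 }
    if ($v1) { return $v1.Format($false).Trim() }
    return $null   # no template extension (for example a self-signed certificate)
}

function Get-CertExpiryReport {
    param(
        [string]$Store = 'Cert:\LocalMachine\My',
        [int]$WarnDays = 30          # hypothetical threshold, adjust to your renewal policy
    )
    $limit = (Get-Date).AddDays($WarnDays)
    Get-ChildItem -Path $Store | ForEach-Object {
        [pscustomobject]@{
            Thumbprint         = $_.Thumbprint
            # GetNameInfo returns the subject's simple name even when CN is not the first RDN
            CN                 = $_.GetNameInfo('SimpleName', $false)
            Issuer             = $_.Issuer
            expire_on          = $_.NotAfter
            IssuedfromTemplate = Get-CertTemplateName -Cert $_
            # True for certificates already expired or expiring within $WarnDays
            ExpiresSoon        = $_.NotAfter -lt $limit
        }
    }
}

# Same columns as the report above, plus the expiry flag, soonest expiry first
Get-CertExpiryReport | Sort-Object expire_on | Format-Table -AutoSize
```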