David Siegel

Reputation: 261

How to extract SSL certificate properties

I want a tool which can run on a server, that would extract and return specified properties from an already installed SSL certificate. I am specifically interested in the "issuer" and "thumbprint" properties. I know that I can simply open the certificate's properties dialog and copy these, and then paste them into my app, but to avoid a possibly error-prone manual process when others will be doing this at multiple sites, I would like a tool or script I can call that would simply return the value of a specified property from a specified certificate. I am fine if I need to make a separate call for each desired property. The more turnkey this is, the better. Are there any suggestions, please?

Upvotes: 2

Views: 15426

Answers (1)

Kirill Pashkov

Reputation: 3226

You want to do something like this:

Get-ChildItem Cert:\LocalMachine\Root\ | Select Issuer,Thumbprint

Here is a list of properties you can easily get from System.Security.Cryptography.X509Certificates.X509Certificate2 objects (common certificates).

Name                 MemberType     Definition
----                 ----------     ----------
Archived             Property       bool Archived {get;set;}
Extensions           Property       System.Security.Cryptography.X509Certificates.X509ExtensionCollection Extensions {get;}
FriendlyName         Property       string FriendlyName {get;set;}
Handle               Property       System.IntPtr Handle {get;}
HasPrivateKey        Property       bool HasPrivateKey {get;}
Issuer               Property       string Issuer {get;}
IssuerName           Property       System.Security.Cryptography.X509Certificates.X500DistinguishedName IssuerName {get;}
NotAfter             Property       datetime NotAfter {get;}
NotBefore            Property       datetime NotBefore {get;}
PrivateKey           Property       System.Security.Cryptography.AsymmetricAlgorithm PrivateKey {get;set;}
PublicKey            Property       System.Security.Cryptography.X509Certificates.PublicKey PublicKey {get;}
RawData              Property       byte[] RawData {get;}
SerialNumber         Property       string SerialNumber {get;}
SignatureAlgorithm   Property       System.Security.Cryptography.Oid SignatureAlgorithm {get;}
Subject              Property       string Subject {get;}
SubjectName          Property       System.Security.Cryptography.X509Certificates.X500DistinguishedName SubjectName {get;}
Thumbprint           Property       string Thumbprint {get;}
Version              Property       int Version {get;}
DnsNameList          ScriptProperty System.Object DnsNameList {get=,(new-object Microsoft.Powershell.Commands.DnsNameProperty -argumentlist $this).DnsNameList;;}
EnhancedKeyUsageList ScriptProperty System.Object EnhancedKeyUsageList {get=,(new-object Microsoft.Powershell.Commands.EnhancedKeyUsageProperty -argumentlist $this).EnhancedKeyUsageList;;}
SendAsTrustedIssuer  ScriptProperty System.Object SendAsTrustedIssuer {get=[Microsoft.Powershell.Commands.SendAsTrustedIssuerProperty]::ReadSendAsTrustedIssuerProperty($this);set=$sendAsTrustedIssuer = $args[0]...

Upvotes: 6
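
An added example, not part of the question or the answer above: one way to wrap the `Cert:` drive lookup so that a script returns named properties from exactly one certificate and fails loudly when the match is missing or ambiguous. The function name `Get-CertProperty`, its parameters, the default `My` store and the subject `CN=www.example.com` are assumptions made for illustration.

```powershell
# Hypothetical helper (added example): return selected properties of ONE installed certificate.
function Get-CertProperty {
    [CmdletBinding()]
    param(
        # Text that must appear in the certificate Subject (constructed sample: 'CN=www.example.com')
        [Parameter(Mandatory)] [string] $SubjectLike,
        # Property names from the X509Certificate2 list above, e.g. Issuer, Thumbprint
        [Parameter(Mandatory)] [string[]] $Property,
        [ValidateSet('LocalMachine', 'CurrentUser')] [string] $StoreLocation = 'LocalMachine',
        # Assumption: server certificates live in the Personal ('My') store
        [string] $StoreName = 'My'
    )

    $path = "Cert:\$StoreLocation\$StoreName"
    if (-not (Test-Path -LiteralPath $path)) { throw "Certificate store not found: $path" }

    # Escape wildcard characters so the caller's text is matched literally
    $pattern = '*' + [System.Management.Automation.WildcardPattern]::Escape($SubjectLike) + '*'
    $now = Get-Date

    # Keep only certificates that match the subject and are inside their validity window
    $found = @(Get-ChildItem -LiteralPath $path | Where-Object {
        $_.Subject -like $pattern -and $_.NotBefore -le $now -and $_.NotAfter -ge $now
    })

    if ($found.Count -eq 0) {
        throw "No currently valid certificate in $path matches '$SubjectLike'"
    }
    if ($found.Count -gt 1) {
        # Refuse to guess: renewed certificates often share a subject with the old one
        throw "Ambiguous: $($found.Count) certificates match '$SubjectLike' (thumbprints: $($found.Thumbprint -join ', '))"
    }

    $cert = $found[0]
    $result = [ordered]@{}
    foreach ($name in $Property) {
        # Reject property names the certificate object does not expose
        if ($null -eq $cert.PSObject.Properties[$name]) { throw "Unknown certificate property: $name" }
        $result[$name] = $cert.$name
    }
    [pscustomobject]$result
}

# Both properties in one call, then a single value for use in another script
Get-CertProperty -SubjectLike 'CN=www.example.com' -Property Issuer, Thumbprint
(Get-CertProperty -SubjectLike 'CN=www.example.com' -Property Thumbprint).Thumbprint
```

Reading the `LocalMachine` stores works for ordinary users; the `Thumbprint` value comes back as a plain hexadecimal string, so it can be compared or stored without the cleanup a copy from the properties dialog may need.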
