Today's blog update is again about applying PowerShell. Used skillfully, PowerShell can have an unexpected effect on ordinary work; changing how you approach a task often shows that many detours can be avoided. What is introduced today is mainly some simple use of certificates in PowerShell, corresponding to a scene from everyday work.

Our production environment has a great many certificates: some are self-signed, and many are public certificates applied for from third-party companies. We usually back these certificates up in a public folder, just in case. The folder holds no more than a hundred certificates, but various subfolders are interspersed throughout, which makes the structure more complex. It takes a lot of time to find a certificate, and you also have to open each certificate's properties one by one to verify it. So some time ago I wrote this PowerShell script to make the query easier. Given a folder path and a certificate thumbprint, it traverses the properties of all certificates under the folder and reports the details and path of the certificate with that thumbprint. The script content is as follows:
# Get-PfxData is only supported by PowerShell 4.0 or higher
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true, Position = 0)][string] $Thumbprint,
    [Parameter(Mandatory = $true, Position = 1)][string] $FolderPath,
    [Parameter(Mandatory = $false, Position = 2)] $Password
)

if ($PSVersionTable.PSVersion.Major -lt 4) {
    Write-Warning "You need to run the script on PowerShell 4.0 or higher"
    exit
}

[string[]] $CertPath = $null
[string[]] $ShortCertPath = $null
[PSCustomObject[]] $OutputCerts = $null
#====================================================================
$ShortCertPath = Get-ChildItem -Path $FolderPath -Recurse -Force -Include *.cer, *.pfx -Name
# In fact this can be implemented directly with FullName
foreach ($SCP in $ShortCertPath) {
    $CertPath += Join-Path $FolderPath $SCP
}
#====================================================================
# The password is an optional parameter. This sets the value of the default password;
# if there is a unified password, fill it in at the placeholder below.
if ($Password) {
    $Password = ConvertTo-SecureString -AsPlainText $Password -Force
}
else {
    $Password = ConvertTo-SecureString -AsPlainText "***" -Force
}
#====================================================================
foreach ($CP in $CertPath) {
    if ($CP.EndsWith(".pfx")) {
        # Reset so a file that cannot be opened does not reuse the previous file's certificate
        $PfxCert = $null
        try {
            $Error.Clear()
            # -ErrorAction Stop makes a wrong password reach the catch block
            $PfxCert = Get-PfxData -FilePath $CP -Password $Password -ErrorAction Stop
        }
        catch {
            # $ErrorMessage = $CP + $Error[0].Exception.Message
            # Write-Host -ForegroundColor 'Red' "$(Get-Date -UFormat %Y%m%d-%H:%M:%S)" $ErrorMessage
            # Fall back to a Pwd.txt file stored in the same folder as the PFX
            $PwdTxt = Join-Path (Get-ChildItem $CP).Directory.FullName "Pwd.txt"
            if (Test-Path $PwdTxt) {
                $OtherPasswordTxt = Get-Content $PwdTxt
                # Heuristic: a Length below 5 is taken to mean several lines were read,
                # so the first one is used; otherwise the content is used as one string
                if ($OtherPasswordTxt.Length -lt 5) {
                    $OtherPassword = ConvertTo-SecureString -AsPlainText $OtherPasswordTxt[0] -Force
                }
                else {
                    $OtherPassword = ConvertTo-SecureString -AsPlainText $OtherPasswordTxt -Force
                }
                try {
                    $Error.Clear()
                    $PfxCert = Get-PfxData -FilePath $CP -Password $OtherPassword -ErrorAction Stop
                }
                catch {
                    $ErrorMessage = $CP + $Error[0].Exception.Message
                    Write-Warning "$(Get-Date -UFormat %Y%m%d-%H:%M:%S) $ErrorMessage"
                }
            }
            else {
                Write-Warning "Didn't find the password for $CP, so pls check the thumbprint manually"
                # Write-Warning "The password for $CP is not correct, so pls check the thumbprint manually"
            }
        }
        $PfxThumbprint = $PfxCert.EndEntityCertificates.Thumbprint
        if ($PfxThumbprint -eq $Thumbprint) {
            # Copy the certificate properties into a new object and record the file path
            $PfxObject = $null
            $PfxObject = New-Object -TypeName PSObject
            $PfxObject | Add-Member -MemberType NoteProperty -Name EnhancedKeyUsageList -Value $PfxCert.EndEntityCertificates.EnhancedKeyUsageList
            $PfxObject | Add-Member -MemberType NoteProperty -Name DnsNameList -Value $PfxCert.EndEntityCertificates.DnsNameList
            $PfxObject | Add-Member -MemberType NoteProperty -Name SendAsTrustedIssuer -Value $PfxCert.EndEntityCertificates.SendAsTrustedIssuer
            $PfxObject | Add-Member -MemberType NoteProperty -Name EnrollmentPolicyEndPoint -Value $PfxCert.EndEntityCertificates.EnrollmentPolicyEndPoint
            $PfxObject | Add-Member -MemberType NoteProperty -Name EnrollmentServerEndPoint -Value $PfxCert.EndEntityCertificates.EnrollmentServerEndPoint
            $PfxObject | Add-Member -MemberType NoteProperty -Name PolicyId -Value $PfxCert.EndEntityCertificates.PolicyId
            $PfxObject | Add-Member -MemberType NoteProperty -Name Archived -Value $PfxCert.EndEntityCertificates.Archived
            $PfxObject | Add-Member -MemberType NoteProperty -Name Extensions -Value $PfxCert.EndEntityCertificates.Extensions
            $PfxObject | Add-Member -MemberType NoteProperty -Name FriendlyName -Value $PfxCert.EndEntityCertificates.FriendlyName
            $PfxObject | Add-Member -MemberType NoteProperty -Name IssuerName -Value $PfxCert.EndEntityCertificates.IssuerName
            $PfxObject | Add-Member -MemberType NoteProperty -Name NotAfter -Value $PfxCert.EndEntityCertificates.NotAfter
            $PfxObject | Add-Member -MemberType NoteProperty -Name NotBefore -Value $PfxCert.EndEntityCertificates.NotBefore
            $PfxObject | Add-Member -MemberType NoteProperty -Name HasPrivateKey -Value $PfxCert.EndEntityCertificates.HasPrivateKey
            $PfxObject | Add-Member -MemberType NoteProperty -Name PrivateKey -Value $PfxCert.EndEntityCertificates.PrivateKey
            $PfxObject | Add-Member -MemberType NoteProperty -Name PublicKey -Value $PfxCert.EndEntityCertificates.PublicKey
            $PfxObject | Add-Member -MemberType NoteProperty -Name RawData -Value $PfxCert.EndEntityCertificates.RawData
            $PfxObject | Add-Member -MemberType NoteProperty -Name SerialNumber -Value $PfxCert.EndEntityCertificates.SerialNumber
            $PfxObject | Add-Member -MemberType NoteProperty -Name SubjectName -Value $PfxCert.EndEntityCertificates.SubjectName
            $PfxObject | Add-Member -MemberType NoteProperty -Name SignatureAlgorithm -Value $PfxCert.EndEntityCertificates.SignatureAlgorithm
            $PfxObject | Add-Member -MemberType NoteProperty -Name Thumbprint -Value $PfxCert.EndEntityCertificates.Thumbprint
            $PfxObject | Add-Member -MemberType NoteProperty -Name Version -Value $PfxCert.EndEntityCertificates.Version
            $PfxObject | Add-Member -MemberType NoteProperty -Name Handle -Value $PfxCert.EndEntityCertificates.Handle
            $PfxObject | Add-Member -MemberType NoteProperty -Name Issuer -Value $PfxCert.EndEntityCertificates.Issuer
            $PfxObject | Add-Member -MemberType NoteProperty -Name Subject -Value $PfxCert.EndEntityCertificates.Subject
            $PfxObject | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $CP
            $OutputCerts += $PfxObject
        }
    }
    elseif ($CP.EndsWith(".cer")) {
        $CerCert = Get-PfxCertificate -FilePath $CP
        $CerThumbprint = $CerCert.Thumbprint
        if ($CerThumbprint -eq $Thumbprint) {
            $CerObject = $null
            $CerObject = New-Object -TypeName PSObject
            $CerObject | Add-Member -MemberType NoteProperty -Name EnhancedKeyUsageList -Value $CerCert.EnhancedKeyUsageList
            $CerObject | Add-Member -MemberType NoteProperty -Name DnsNameList -Value $CerCert.DnsNameList
            $CerObject | Add-Member -MemberType NoteProperty -Name SendAsTrustedIssuer -Value $CerCert.SendAsTrustedIssuer
            $CerObject | Add-Member -MemberType NoteProperty -Name EnrollmentPolicyEndPoint -Value $CerCert.EnrollmentPolicyEndPoint
            $CerObject | Add-Member -MemberType NoteProperty -Name EnrollmentServerEndPoint -Value $CerCert.EnrollmentServerEndPoint
            $CerObject | Add-Member -MemberType NoteProperty -Name PolicyId -Value $CerCert.PolicyId
            $CerObject | Add-Member -MemberType NoteProperty -Name Archived -Value $CerCert.Archived
            $CerObject | Add-Member -MemberType NoteProperty -Name Extensions -Value $CerCert.Extensions
            $CerObject | Add-Member -MemberType NoteProperty -Name FriendlyName -Value $CerCert.FriendlyName
            $CerObject | Add-Member -MemberType NoteProperty -Name IssuerName -Value $CerCert.IssuerName
            $CerObject | Add-Member -MemberType NoteProperty -Name NotAfter -Value $CerCert.NotAfter
            $CerObject | Add-Member -MemberType NoteProperty -Name NotBefore -Value $CerCert.NotBefore
            $CerObject | Add-Member -MemberType NoteProperty -Name HasPrivateKey -Value $CerCert.HasPrivateKey
            $CerObject | Add-Member -MemberType NoteProperty -Name PrivateKey -Value $CerCert.PrivateKey
            $CerObject | Add-Member -MemberType NoteProperty -Name PublicKey -Value $CerCert.PublicKey
            $CerObject | Add-Member -MemberType NoteProperty -Name RawData -Value $CerCert.RawData
            $CerObject | Add-Member -MemberType NoteProperty -Name SerialNumber -Value $CerCert.SerialNumber
            $CerObject | Add-Member -MemberType NoteProperty -Name SubjectName -Value $CerCert.SubjectName
            $CerObject | Add-Member -MemberType NoteProperty -Name SignatureAlgorithm -Value $CerCert.SignatureAlgorithm
            $CerObject | Add-Member -MemberType NoteProperty -Name Thumbprint -Value $CerCert.Thumbprint
            $CerObject | Add-Member -MemberType NoteProperty -Name Version -Value $CerCert.Version
            $CerObject | Add-Member -MemberType NoteProperty -Name Handle -Value $CerCert.Handle
            $CerObject | Add-Member -MemberType NoteProperty -Name Issuer -Value $CerCert.Issuer
            $CerObject | Add-Member -MemberType NoteProperty -Name Subject -Value $CerCert.Subject
            $CerObject | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $CP
            $OutputCerts += $CerObject
        }
    }
    else {
        Write-Host "$CP is not a valid cert" -ForegroundColor 'Red'
    }
}
#====================================================================
if ($OutputCerts -ne $null) {
    if ($OutputCerts.Count -eq 1) {
        Write-Host "There is one cert with thumbprint $Thumbprint under folder $FolderPath" -ForegroundColor 'Cyan'
    }
    else {
        $cc = $OutputCerts.Count
        Write-Host "There are $cc certs with thumbprint $Thumbprint under folder $FolderPath" -ForegroundColor 'Cyan'
    }
    for ($i = 0; $i -lt $OutputCerts.Count; $i++) {
        Write-Host "No:$($i + 1)" $OutputCerts[$i]
        Write-Host "================================================================================================="
    }
}
else {
    Write-Host "There is no cert with thumbprint $Thumbprint under folder $FolderPath" -ForegroundColor 'Cyan'
}
Overall, the script is simple and the function it implements is not complex; it mainly shows some basic uses of certificates in PowerShell. If necessary, you can combine the various statements freely to achieve the function you want.
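A compact variant of the same lookup, added here as an example and not part of the original post: it normalizes the thumbprint before comparing (a value copied from the certificate dialog often carries spaces or an invisible character, so a plain -eq never matches), takes the PFX password as a SecureString instead of plain text, and emits objects that can be piped further. The function names, the DaysLeft column and the folder path in the usage comment are assumptions made for this example.

```powershell
# Added example, not from the original script. Function names are hypothetical.
function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory = $true)][string] $Thumbprint)
    # Keep hex digits only: drops spaces, colons and invisible characters
    # (such as U+200E) picked up when copying from the certificate dialog.
    $hex = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($hex.Length)."
    }
    $hex
}

function Find-CertificateFile {
    param(
        [Parameter(Mandatory = $true)][string] $Thumbprint,
        [Parameter(Mandatory = $true)][string] $FolderPath,
        [securestring] $Password   # optional; never handled as plain text
    )
    $wanted = ConvertTo-NormalizedThumbprint $Thumbprint
    Get-ChildItem -Path $FolderPath -Recurse -Force -File -Include *.cer, *.pfx | ForEach-Object {
        $file = $_
        try {
            if ($file.Extension -ieq '.pfx') {
                $pfxArgs = @{ FilePath = $file.FullName; ErrorAction = 'Stop' }
                if ($Password) { $pfxArgs.Password = $Password }
                $certs = (Get-PfxData @pfxArgs).EndEntityCertificates
            }
            else {
                $certs = Get-PfxCertificate -FilePath $file.FullName -ErrorAction Stop
            }
        }
        catch {
            Write-Warning "Skipped $($file.FullName): $($_.Exception.Message)"
            return   # inside ForEach-Object this moves on to the next file
        }
        foreach ($cert in $certs) {
            if ($cert.Thumbprint -eq $wanted) {
                [pscustomobject]@{
                    Subject      = $cert.Subject
                    Issuer       = $cert.Issuer
                    NotAfter     = $cert.NotAfter
                    DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
                    CertFilePath = $file.FullName
                }
            }
        }
    }
}
# Usage (the folder path is a placeholder):
# Find-CertificateFile -Thumbprint (Read-Host 'Thumbprint') -FolderPath 'D:\CertBackup' -Password (Read-Host 'PFX password' -AsSecureString)
```

Files that cannot be opened are reported with a warning and skipped, so a PFX with an unknown password never produces a match left over from another file.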
This article is from the "Just Make It Happen" blog; please be sure to keep this source: http://mxyit.blog.51cto.com/4308871/1855483
Use PowerShell to traverse certificate information to find a corresponding certificate