Identifying a certificate by certificate template name in PowerShell

I need to use a PowerShell script to select the certificate whose "Certificate Template Name" is "Machine". In certmgr.msc, this is shown as "Certificate Template" with the value "Computer". In Details, the same certificate has "Certificate Template Name" set to "Machine".

How can I use any of these values in a PowerShell script?

So far I have:

get-childitem cert:\localmachine\my | where-object {$_.}

      

I tried almost every method that loads intellisense but couldn't find anything that met my needs.

Thanks,

+4




4 answers


Try this PowerShell CertificatePS module. Inside there is a cmdlet, Get-CertificateTemplate, which does exactly what you want it to do. I developed it and I use it myself to differentiate between machine and website template certificates.

This is an example of use, although there are other possibilities, such as adding a PSNoteProperty to each returned object:

# With Select-Object
Get-ChildItem "Cert:\LocalMachine\My" | Select-Object Name,Thumbprint,@{Name="Template";Expression={Get-CertificateTemplate $_}}

# With Where-Object
Get-ChildItem "Cert:\LocalMachine\My" | Where-Object {(Get-CertificateTemplate $_) -eq "Template"}

      



Check out more examples of this module here.

The module is not perfect, so if you have any feedback or contributions, please do so on the GitHub project.

0




Here's a built-in PowerShell solution:

Thanks to the PowerShell Gallery.



<#
.SYNOPSIS
 Outputs an object consisting of the template name (Template), an OID (OID), the minor version (MinorVersion), and the major version (MajorVersion).

.DESCRIPTION
 Outputs an object consisting of the template name (Template), an OID (OID), the minor version (MinorVersion), and the major version (MajorVersion).
 This information is derived from the Certificate Extensions.

.PARAMETER Certificate
 A X509Certificate2 object

.EXAMPLE
 Get-ChildItem "Cert:\LocalMachine\My" | Get-CertificateTemplate

.EXAMPLE
 Get-ChildItem "Cert:\LocalMachine\My" | Select-Object Name,Thumbprint,@{Name="Template";Expression={Get-CertificateTemplate $_}}

.INPUTS
 Any X509Certificate2 object

.OUTPUTS
 [PSCustomObject] @{Template=<template name>; OID=<oid string>; MajorVersion=<major version num>; MinorVersion=<minor version num>; Thumbprint=<thumbprint> }
#>
function Get-CertificateTemplate {
  [CmdletBinding(SupportsShouldProcess=$false)]
  [OutputType([PSCustomObject])]
  Param([Parameter(Mandatory=$true, ValueFromPipeline=$true)] [ValidateNotNull()] [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

  Process {
    $regExPrimary=[System.Text.RegularExpressions.Regex]::new("Template=([\w\s\d\.]+)\(((?:\d+.)+)\), Major Version Number=(\d+), Minor Version Number=(\d+)",[System.Text.RegularExpressions.RegexOptions]::None)
    $regExSecondary=[System.Text.RegularExpressions.Regex]::new("Template=((?:\d+.)+), Major Version Number=(\d+), Minor Version Number=(\d+)",[System.Text.RegularExpressions.RegexOptions]::None)

    # Look up the extension by friendly name first, then fall back to the template OID
    $temp = $Certificate.Extensions | Where-Object { $_.Oid.FriendlyName -eq "Certificate Template Name" }
    if ($null -eq $temp) {
      Write-Verbose "Did not find 'Certificate Template Name' extension"
      $temp=$Certificate.Extensions | Where-Object { $_.Oid.Value -eq "1.3.6.1.4.1.311.21.7" }
    }
    else { Write-Verbose "Found 'Certificate Template Name' extension" }

    # A certificate without any template extension leaves $temp empty; do not call Format() on $null
    $formatted = if ($null -ne $temp) { $temp.Format($false) } else { "" }

    # Primary pattern: template name followed by its OID in parentheses
    $found=$regExPrimary.Matches($formatted)
    if ($found.Count -gt 0) {
      $object=@{Template=$found[0].Groups[1].Value; OID=$found[0].Groups[2].Value;
                MajorVersion=$found[0].Groups[3].Value; MinorVersion=$found[0].Groups[4].Value;
                Thumbprint=$Certificate.Thumbprint }
    }
    else {
      # Secondary pattern: only the template OID is present
      $found=$regExSecondary.Matches($formatted)
      if ($found.Count -gt 0) {
        Write-Verbose "Found certificate without a valid Template Name"
        $object=@{Template=$found[0].Groups[1].Value; OID=$found[0].Groups[1].Value;
                  MajorVersion=$found[0].Groups[2].Value; MinorVersion=$found[0].Groups[3].Value;
                  Thumbprint=$Certificate.Thumbprint }
      }
      else {
        Write-Verbose "Found root certificate"
        $object=@{Template="Root Certificate"; OID=""; MajorVersion=""; MinorVersion=""; Thumbprint=$Certificate.Thumbprint }
      }
    }
    return [PSCustomObject]$object
  }
}

      

0




Here is the sans-modules solution:

Get-ChildItem Cert:\LocalMachine\my | Where-Object{$_.Extensions | Where-Object{$_.oid.friendlyname -match "Template" -and $_.format(0) -match "Machine"}}

      

0
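A variant of the one-liner above that selects the extension by OID value instead of friendly name and handles both template extensions, added here as an example (it is not code from any of the answers). The function names and sample strings are constructed for illustration; it assumes the v1 extension (OID 1.3.6.1.4.1.311.20.2) formats as the bare template name, as the match on "Machine" above implies, and that the v2 extension formats as in the regular expressions quoted on this page.

```powershell
# OIDs of the two Microsoft template extensions
$OidTemplateName = '1.3.6.1.4.1.311.20.2'   # "Certificate Template Name" (v1 templates, e.g. Machine)
$OidTemplateInfo = '1.3.6.1.4.1.311.21.7'   # template information (v2 and later templates)

# Hypothetical helper: turns the text returned by Extension.Format($false) into an object.
function ConvertFrom-TemplateText {
    param([string]$OidValue, [string]$Text)
    if ($OidValue -eq $OidTemplateName) {
        # Assumption: the v1 extension formats as the template name itself
        return [PSCustomObject]@{ Template = $Text.Trim(); TemplateOid = $null; Version = $null }
    }
    # v2 shape: "Template=Name(OID), Major Version Number=N, Minor Version Number=M"
    # or "Template=OID, ..." when no name is shown
    $pattern = '^Template=(?:(?<name>.+?)\()?(?<oid>\d+(?:\.\d+)+)\)?, Major Version Number=(?<maj>\d+), Minor Version Number=(?<min>\d+)'
    if ($Text -match $pattern) {
        return [PSCustomObject]@{
            Template    = if ($Matches['name']) { $Matches['name'] } else { $Matches['oid'] }
            TemplateOid = $Matches['oid']
            Version     = '{0}.{1}' -f $Matches['maj'], $Matches['min']
        }
    }
    return $null   # text in a shape this example does not recognise
}

# Hypothetical helper: template details for one certificate, or nothing if it has no template extension.
function Get-CertTemplateInfo {
    param([Parameter(Mandatory, ValueFromPipeline)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    process {
        foreach ($oid in $OidTemplateInfo, $OidTemplateName) {   # prefer v2, fall back to v1
            $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $oid } | Select-Object -First 1
            if ($ext) {
                $info = ConvertFrom-TemplateText -OidValue $oid -Text $ext.Format($false)
                if ($info) { $info; return }
            }
        }
    }
}

# Constructed sample strings (not taken from a real certificate)
ConvertFrom-TemplateText $OidTemplateName 'Machine'
ConvertFrom-TemplateText $OidTemplateInfo 'Template=Example Web Server(1.3.6.1.4.1.311.21.8.1.2.3), Major Version Number=100, Minor Version Number=3'

# On Windows: certificates in the machine store whose template name is "Machine"
if (Test-Path Cert:\LocalMachine\My) {
    Get-ChildItem Cert:\LocalMachine\My | Where-Object { (Get-CertTemplateInfo $_).Template -eq 'Machine' }
}
```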




$cert.Extension.format(0) and format(1) return these attributes in a human-readable way.

# Retrieves the CRL distribution point, if present
function Get-CRLDistPoint {
    Param ($cert)
    $extension = $cert.Extensions | Where-Object {$_.OID.FriendlyName -eq "CRL Distribution Points"}
    if ($extension) {
        $crlURL = $extension.Format(0)
        # trim header
        $crlURL = $crlURL -replace "^.*URL=", ""
    }
    $crlURL
}

# Pass each certificate from the store to the function
Get-ChildItem Cert:\LocalMachine\my | %{ Get-CRLDistPoint $_ }

      

0








