A week or so ago we had a client of ours ask for an audit of their certificates. This is a small client, so initially we provided them with screenshots of all the certificates in the Computer > Certificate > Personal folder. That is where we find 95% of the certificates we work on in any given year.
However, in this case it turned out that the client also had a number of certificates stored in the Web Hosting folder, and so they requested more detail. That is when we had our scripting expert Khalid Abdulahani, from Toronto, create the following script, which exports the details of every unexpired certificate from all of the Local Computer certificate folders.
# Make sure the C:\temp output directory exists
$csvPath = "C:\temp\certificates.csv"
if (-not (Test-Path -Path "C:\temp")) {
    New-Item -ItemType Directory -Path "C:\temp" | Out-Null
}
# Get the host name of the computer
$hostName = $env:COMPUTERNAME
# Map physical store names (as they appear under Cert:\LocalMachine) to the
# friendly names shown in the Certificates MMC snap-in
$folderMapping = @{
    "CA"                                                 = "Intermediate Certification Authorities"
    "My"                                                 = "Personal"
    "Root"                                               = "Trusted Root Certification Authorities"
    "TrustedPublisher"                                   = "Trusted Publishers"
    "Disallowed"                                         = "Untrusted Certificates"
    "AuthRoot"                                           = "Third-Party Root Certification Authorities"
    "TrustedPeople"                                      = "Trusted People"
    "WebHosting"                                         = "Web Hosting"
    "Remote Desktop"                                     = "Remote Desktop Trusted Devices"
    "Windows Live ID Token Issuer"                       = "Windows Live ID Token Issuer"
    "PreviewBuilds"                                      = "Preview Build Roots"
    "TestRoot"                                           = "Test Roots"
    "ClientAuthIssuer"                                   = "Client Authentication Issuers"
    "OtherPeople"                                        = "Other People"
    "Microsoft Monitoring Agent"                         = "Microsoft Monitoring Agent"
    "CertificateEnrollmentRequests"                      = "Certificate Enrollment Requests"
    "Runtime_Transport_Store_D2E68232-6F4D-4523-941B-F0" = "Runtime Transport Store"
    "SmartCardRoot"                                      = "Smart Card Trusted Roots"
    "TrustedDevices"                                     = "Trusted Devices"
    "WindowsServerUpdateServices"                        = "Windows Server Update Services"
}
# Collect every certificate from every Local Computer store. -Recurse also
# returns the store containers themselves, so skip those, then keep only
# certificates that have not yet expired.
$certificates = Get-ChildItem -Path Cert:\LocalMachine\ -Recurse | Where-Object {
    -not $_.PSIsContainer -and $_.NotAfter -gt (Get-Date)
}
# Build one record per certificate
$certInfo = foreach ($cert in $certificates) {
    # PSParentPath looks like Microsoft.PowerShell.Security\Certificate::LocalMachine\My;
    # the last path segment is the physical store name used as the mapping key
    $location = ($cert.PSParentPath -split '\\')[-1]
    $folderName = $folderMapping[$location]
    if (-not $folderName) {
        $folderName = "Unknown Folder"
    }
    [PSCustomObject]@{
        "Host Name"         = $hostName
        "Expiration Date"   = $cert.NotAfter
        "Friendly Name"     = $cert.FriendlyName
        "Issued To"         = $cert.Subject
        "Issued By"         = $cert.Issuer
        # An empty Enhanced Key Usage list means the certificate is valid for all purposes
        "Intended Purposes" = ($cert.EnhancedKeyUsageList | ForEach-Object { $_.FriendlyName }) -join ", "
        "Source"            = $folderName
    }
}
# Sort the certs by Friendly Name
$certInfo = $certInfo | Sort-Object "Friendly Name"
# Export cert information to a CSV file
$certInfo | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Certificate information exported to $csvPath"
We were then able to combine the contents of each host's CSV into a master CSV, open it in Excel, make it pretty (set column widths, fonts and titles, convert it to a table, sort it) and present it to our happy customer.
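The merge into a master CSV was done by hand above. As an added example, not part of the original post or Khalid's script, the following PowerShell does that merge and goes a little beyond the post by computing days-to-expiry and flagging entries that expire within a threshold or are self-signed (subject equals issuer), which is what an auditor usually asks about next. It assumes each host's certificates.csv has been copied to C:\temp\certaudit\<hostname>.csv; the folder, file names and the 30-day threshold are assumptions.

```powershell
# Merge per-host certificate CSVs (as produced by the script above) into one
# master inventory and flag the entries an auditor cares about.
# Assumed layout (not from the original post): every host's C:\temp\certificates.csv
# has been copied to C:\temp\certaudit\<hostname>.csv.
$inputDir   = "C:\temp\certaudit"
$masterPath = "C:\temp\certaudit\master.csv"
$warnDays   = 30   # flag anything expiring within this many days (assumed threshold)

$master = Get-ChildItem -Path $inputDir -Filter *.csv |
    Where-Object { $_.FullName -ne $masterPath } |
    ForEach-Object { Import-Csv -Path $_.FullName } |
    ForEach-Object {
        # Export-Csv wrote the date with the current culture's format, so parse it
        # back the same way rather than with an invariant-culture cast
        $expires  = [datetime]::Parse($_."Expiration Date")
        $daysLeft = [int][math]::Floor(($expires - (Get-Date)).TotalDays)
        [PSCustomObject]@{
            "Host Name"         = $_."Host Name"
            "Source"            = $_."Source"
            "Friendly Name"     = $_."Friendly Name"
            "Issued To"         = $_."Issued To"
            "Issued By"         = $_."Issued By"
            "Expiration Date"   = $expires
            "Days Left"         = $daysLeft
            # Subject equal to issuer is the usual heuristic for a self-signed certificate
            "Self-Signed"       = ($_."Issued To" -eq $_."Issued By")
            "Expiring Soon"     = ($daysLeft -le $warnDays)
            "Intended Purposes" = $_."Intended Purposes"
        }
    }

# Soonest-expiring first, so the top of the sheet is the action list
$master | Sort-Object "Days Left" | Export-Csv -Path $masterPath -NoTypeInformation

# Per-host summary of certificates that need attention
$master | Where-Object { $_."Expiring Soon" } |
    Group-Object "Host Name" |
    ForEach-Object { "{0}: {1} certificate(s) expiring within {2} days" -f $_.Name, $_.Count, $warnDays }

Write-Output "Merged $($master.Count) certificates into $masterPath"
```

The "Self-Signed" and "Expiring Soon" columns come through as True/False in the CSV, so in Excel they can be filtered directly once the sheet is converted to a table.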
We hope you find this as useful as we did. Thanks Khalid!