Solved

Accessing attributes/properties/fields in a Certificate

Posted on 2010-09-01
6
1,061 Views
Last Modified: 2012-05-10
Is there a way to access the properties of an installed certificate?  We are trying to read the certificate hash and set the SSL bindings using PowerShell. Need a way to access the certificates hash. Netsh is retuning null values.
0
Comment
Question by:CAKNV
  • 3
6 Comments
 
LVL 13

Accepted Solution

by:
soostibi earned 250 total points
ID: 33580163
You can access certificates through the cert: PSDrive:

get-item  cert:\CurrentUser\root\F84622A890DA9112399CDA25A4797FBF7C0DA37C | fl *

With a 'get-childitem' starting from cert:\ you can enumerate containers and certificates.

Some properties are also complex objects, so you have to examine the properties of properties to get the information you want:

For example:
PS cert:\CurrentUser\root> (Get-Item F84622A890DA9112399CDA25A4797FBF7C0DA37C ).publickey.key.cspkeycontainerinfo | fl *
0
 

Author Comment

by:CAKNV
ID: 33580786
We cannot use PSDrive because need to have no user intervention.  We are trying to automate the installation and will only have the information we used to automate the creation of the certificate.  
0
 
LVL 13

Expert Comment

by:soostibi
ID: 33581064
Why would you have to have user intervention when using a PSDrive? PSDrives are there...
0
 
LVL 1

Assisted Solution

by:ldap389
ldap389 earned 250 total points
ID: 33582024
For exemple when use the command line "certutil -store my",  certificate information about your local machine  certificate store is displayed, the certificate's hash is part of the output. But you cannot retrieve certificate's hash without parsing output of the command line result. Not very good for automation...

Hopefully, you can use Quest AD CmdLets 1.4, there is a PowerShell package for certificates and PKI management:

http://wiki.powergui.org/index.php/QAD_cmdlets_reference#Certificate_and_Public_Key_Infrastructure_.28PKI.29_management

With Quest AD CmdLets if you want the certificate's hash, you just have retrieve it with the "thumbprint" value of the Get-QADCertificate cmdlet. (http://wiki.powergui.org/index.php/Get-QADCertificate)

So to display your local computer store certificates hash just run:

Get-QADLocalCertificateStore My  -StoreLocation LocalMachine | Get-QADCertificate | format-table thumbprint

0
 
LVL 13

Expert Comment

by:soostibi
ID: 33584178
I still do not understand you. If I collect the certs by certutil -store and make a little conversion on the hashes, I'll get the same result as parsing the cert: PSdrive. PowerShell calls "thumbprint" the hashes. (I do not really know certutil, but I think it parses the currentuser/my and the localmachine/my cert stores, through the cert: PSDrive you can get all the certs.)



$h = certutil -store | Select-String ([regex]::escape("Cert Hash(sha1):")) -AllMatches | %{$_ -replace "\s",""} | %{$_ -replace "CertHash\(sha1\):",""} # hashes from certutil

Get-ChildItem cert:\ -Recurse | ?{!$_.psiscontainer} | ?{$h -contains $_.thumbprint} # finding the same hashes in the cert PSDrive.

Open in new window

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question