  • Status: Solved
  • Priority: Medium
  • Security: Public

Accessing attributes/properties/fields in a Certificate

Is there a way to access the properties of an installed certificate? We are trying to read the certificate hash and set the SSL bindings using PowerShell. Need a way to access the certificate's hash. Netsh is returning null values.
0
CAKNV
2 Solutions
 
soostibi Commented:
You can access certificates through the cert: PSDrive:

get-item  cert:\CurrentUser\root\F84622A890DA9112399CDA25A4797FBF7C0DA37C | fl *

With a 'get-childitem' starting from cert:\ you can enumerate containers and certificates.

Some properties are also complex objects, so you have to examine the properties of properties to get the information you want:

For example:
PS cert:\CurrentUser\root> (Get-Item F84622A890DA9112399CDA25A4797FBF7C0DA37C ).publickey.key.cspkeycontainerinfo | fl *
0
 
CAKNV Author Commented:
We cannot use PSDrive because we need to have no user intervention. We are trying to automate the installation and will only have the information we used to automate the creation of the certificate.
0
 
soostibi Commented:
Why would you have to have user intervention when using a PSDrive? PSDrives are there...
0
 
ldap389 Commented:
For example, when you use the command line "certutil -store my", certificate information about your local machine certificate store is displayed; the certificate's hash is part of the output. But you cannot retrieve the certificate's hash without parsing the output of the command line result. Not very good for automation...

Hopefully, you can use Quest AD CmdLets 1.4; there is a PowerShell package for certificates and PKI management:

http://wiki.powergui.org/index.php/QAD_cmdlets_reference#Certificate_and_Public_Key_Infrastructure_.28PKI.29_management

With Quest AD CmdLets, if you want the certificate's hash, you just have to retrieve it with the "thumbprint" value of the Get-QADCertificate cmdlet. (http://wiki.powergui.org/index.php/Get-QADCertificate)

So to display your local computer store certificates' hashes, just run:

Get-QADLocalCertificateStore My  -StoreLocation LocalMachine | Get-QADCertificate | format-table thumbprint

0
 
soostibi Commented:
I still do not understand you. If I collect the certs with certutil -store and make a little conversion on the hashes, I'll get the same result as parsing the cert: PSDrive. PowerShell calls the hashes "thumbprint". (I do not really know certutil, but I think it parses the currentuser/my and the localmachine/my cert stores; through the cert: PSDrive you can get all the certs.)



$h = certutil -store | Select-String ([regex]::escape("Cert Hash(sha1):")) -AllMatches | %{$_ -replace "\s",""} | %{$_ -replace "CertHash\(sha1\):",""} # hashes from certutil

Get-ChildItem cert:\ -Recurse | ?{!$_.psiscontainer} | ?{$h -contains $_.thumbprint} # finding the same hashes in the cert PSDrive.


0
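The lookup discussed in this thread, written as an unattended script (an added example, not code from any of the posters): it finds the certificate in Cert:\LocalMachine\My by the subject used at creation time, reads its Thumbprint property and passes it to netsh http add sslcert. The function names, subject, IP:port and AppId GUID are assumptions chosen for illustration.

```powershell
# Added example. Run from an elevated, non-interactive session.
function Get-BindingCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Subject,   # full subject, e.g. 'CN=www.example.test'
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )
    $now = Get-Date
    # Keep only certificates that can serve TLS: exact subject match,
    # private key present, and currently inside the validity window.
    $candidates = @(Get-ChildItem -Path $StorePath |
        Where-Object {
            $_.Subject -eq $Subject -and
            $_.HasPrivateKey -and
            $_.NotBefore -le $now -and
            $_.NotAfter -gt $now
        } |
        Sort-Object -Property NotAfter -Descending)

    if ($candidates.Count -eq 0) {
        throw "No usable certificate with subject '$Subject' in $StorePath"
    }
    # If a renewal left several matches, take the one that expires last.
    return $candidates[0]
}

function Set-HttpSslBinding {
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        [Parameter(Mandatory = $true)] [guid] $AppId,
        [string] $IpPort = '0.0.0.0:443'
    )
    # A thumbprint is a SHA-1 hash: exactly 40 hex characters. Reject anything else
    # before it reaches netsh, so a bad value fails loudly instead of binding nothing.
    if ($Thumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
        throw "Not a SHA-1 thumbprint: '$Thumbprint'"
    }
    # Quote each argument so PowerShell does not parse {guid} as a script block.
    & netsh http add sslcert "ipport=$IpPort" "certhash=$Thumbprint" "appid={$AppId}"
    if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
}

# Constructed placeholder values; replace with the ones used when the certificate was created.
$cert = Get-BindingCertificate -Subject 'CN=www.example.test'
Set-HttpSslBinding -Thumbprint $cert.Thumbprint -AppId ([guid]'11111111-2222-3333-4444-555555555555')
```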
Question has a verified solution.
