Solved

Accessing attributes/properties/fields in a Certificate

Posted on 2010-09-01
Last Modified: 2012-05-10
Is there a way to access the properties of an installed certificate? We are trying to read the certificate hash and set the SSL bindings using PowerShell. We need a way to access the certificate's hash. Netsh is returning null values.
0
Question by:CAKNV
LVL 13

Accepted Solution

by:
soostibi earned 1000 total points
ID: 33580163
You can access certificates through the cert: PSDrive:

get-item  cert:\CurrentUser\root\F84622A890DA9112399CDA25A4797FBF7C0DA37C | fl *

With a 'get-childitem' starting from cert:\ you can enumerate containers and certificates.

Some properties are also complex objects, so you have to examine the properties of properties to get the information you want:

For example:
PS cert:\CurrentUser\root> (Get-Item F84622A890DA9112399CDA25A4797FBF7C0DA37C ).publickey.key.cspkeycontainerinfo | fl *
0
 

Author Comment

by:CAKNV
ID: 33580786
We cannot use PSDrive because we need to have no user intervention. We are trying to automate the installation and will only have the information we used to automate the creation of the certificate.
0
 
LVL 13

Expert Comment

by:soostibi
ID: 33581064
Why would you have to have user intervention when using a PSDrive? PSDrives are there...
0
 
LVL 1

Assisted Solution

by:ldap389
ldap389 earned 1000 total points
ID: 33582024
For example, when you use the command line "certutil -store my", certificate information about your local machine certificate store is displayed, and the certificate's hash is part of the output. But you cannot retrieve the certificate's hash without parsing the output of the command line result. Not very good for automation...

Hopefully, you can use Quest AD CmdLets 1.4; there is a PowerShell package for certificates and PKI management:

http://wiki.powergui.org/index.php/QAD_cmdlets_reference#Certificate_and_Public_Key_Infrastructure_.28PKI.29_management

With Quest AD CmdLets, if you want the certificate's hash, you just have to retrieve it with the "thumbprint" value of the Get-QADCertificate cmdlet. (http://wiki.powergui.org/index.php/Get-QADCertificate)

So to display the certificate hashes of your local computer store, just run:

Get-QADLocalCertificateStore My  -StoreLocation LocalMachine | Get-QADCertificate | format-table thumbprint

0
 
LVL 13

Expert Comment

by:soostibi
ID: 33584178
I still do not understand you. If I collect the certs by certutil -store and make a little conversion on the hashes, I'll get the same result as parsing the cert: PSDrive. PowerShell calls the hashes "thumbprint". (I do not really know certutil, but I think it parses the currentuser/my and the localmachine/my cert stores; through the cert: PSDrive you can get all the certs.)



$h = certutil -store | Select-String ([regex]::escape("Cert Hash(sha1):")) -AllMatches | %{$_ -replace "\s",""} | %{$_ -replace "CertHash\(sha1\):",""} # hashes from certutil

Get-ChildItem cert:\ -Recurse | ?{!$_.psiscontainer} | ?{$h -contains $_.thumbprint} # finding the same hashes in the cert PSDrive.

0
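
Added example, not part of any post in this thread: an unattended lookup of the thumbprint through the cert: PSDrive using only the subject name chosen when the certificate was created, followed by the netsh SSL binding. The function name, the subject 'www.example.test', the port and the all-zero appid GUID are assumed placeholder values.

```powershell
# Added example; every value marked "assumed" is a placeholder, not taken from the thread.
function Get-BindingThumbprint {
    param(
        [Parameter(Mandatory = $true)][string]$SubjectName,   # assumed: CN used at creation time
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $now = Get-Date
    # Keep only certificates that can actually serve TLS:
    # exact CN match, private key present, inside the validity window.
    $candidates = @(Get-ChildItem -Path $StorePath | Where-Object {
        -not $_.PSIsContainer -and
        $_.GetNameInfo('SimpleName', $false) -eq $SubjectName -and
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now
    })
    if ($candidates.Count -eq 0) {
        # Fail closed instead of handing an empty hash to netsh.
        throw "No usable certificate for '$SubjectName' in $StorePath"
    }
    # Several matches (for example after a renewal): take the latest expiry.
    $chosen = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
    if ($chosen.Thumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
        throw "Unexpected thumbprint format: '$($chosen.Thumbprint)'"
    }
    return $chosen.Thumbprint
}

function Set-SslBinding {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [string]$IpPort = '0.0.0.0:443',                           # assumed endpoint
        [string]$AppId  = '{00000000-0000-0000-0000-000000000000}' # assumed placeholder GUID
    )
    # Arguments are passed as an array so the braces in appid need no shell escaping.
    $netshArgs = @('http', 'add', 'sslcert',
                   "ipport=$IpPort", "certhash=$Thumbprint", "appid=$AppId")
    & netsh $netshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
}

# Unattended use (run elevated); the subject name is a constructed sample value.
$thumb = Get-BindingThumbprint -SubjectName 'www.example.test'
Set-SslBinding -Thumbprint $thumb
```

Filtering on HasPrivateKey and the validity dates keeps an expired or public-only certificate with the same subject from being bound by mistake.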
