Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Accessing attributes/properties/fields in a Certificate

Posted on 2010-09-01
6
Medium Priority
?
1,085 Views
Last Modified: 2012-05-10
Is there a way to access the properties of an installed certificate?  We are trying to read the certificate hash and set the SSL bindings using PowerShell. Need a way to access the certificates hash. Netsh is retuning null values.
0
Comment
Question by:CAKNV
  • 3
6 Comments
 
LVL 13

Accepted Solution

by:
soostibi earned 1000 total points
ID: 33580163
You can access certificates through the cert: PSDrive:

get-item  cert:\CurrentUser\root\F84622A890DA9112399CDA25A4797FBF7C0DA37C | fl *

With a 'get-childitem' starting from cert:\ you can enumerate containers and certificates.

Some properties are also complex objects, so you have to examine the properties of properties to get the information you want:

For example:
PS cert:\CurrentUser\root> (Get-Item F84622A890DA9112399CDA25A4797FBF7C0DA37C ).publickey.key.cspkeycontainerinfo | fl *
0
 

Author Comment

by:CAKNV
ID: 33580786
We cannot use PSDrive because need to have no user intervention.  We are trying to automate the installation and will only have the information we used to automate the creation of the certificate.  
0
 
LVL 13

Expert Comment

by:soostibi
ID: 33581064
Why would you have to have user intervention when using a PSDrive? PSDrives are there...
0
 
LVL 1

Assisted Solution

by:ldap389
ldap389 earned 1000 total points
ID: 33582024
For exemple when use the command line "certutil -store my",  certificate information about your local machine  certificate store is displayed, the certificate's hash is part of the output. But you cannot retrieve certificate's hash without parsing output of the command line result. Not very good for automation...

Hopefully, you can use Quest AD CmdLets 1.4, there is a PowerShell package for certificates and PKI management:

http://wiki.powergui.org/index.php/QAD_cmdlets_reference#Certificate_and_Public_Key_Infrastructure_.28PKI.29_management

With Quest AD CmdLets if you want the certificate's hash, you just have retrieve it with the "thumbprint" value of the Get-QADCertificate cmdlet. (http://wiki.powergui.org/index.php/Get-QADCertificate)

So to display your local computer store certificates hash just run:

Get-QADLocalCertificateStore My  -StoreLocation LocalMachine | Get-QADCertificate | format-table thumbprint

0
 
LVL 13

Expert Comment

by:soostibi
ID: 33584178
I still do not understand you. If I collect the certs by certutil -store and make a little conversion on the hashes, I'll get the same result as parsing the cert: PSdrive. PowerShell calls "thumbprint" the hashes. (I do not really know certutil, but I think it parses the currentuser/my and the localmachine/my cert stores, through the cert: PSDrive you can get all the certs.)



$h = certutil -store | Select-String ([regex]::escape("Cert Hash(sha1):")) -AllMatches | %{$_ -replace "\s",""} | %{$_ -replace "CertHash\(sha1\):",""} # hashes from certutil

Get-ChildItem cert:\ -Recurse | ?{!$_.psiscontainer} | ?{$h -contains $_.thumbprint} # finding the same hashes in the cert PSDrive.

Open in new window

0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Loops Section Overview

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question