Solved

PowerShell Script

Posted on 2013-01-22
6
553 Views
Last Modified: 2013-01-23
Hi,

Running the Get-ChildItem -Recurse Cert: in powershell gives me a list of installed certificates on the server.

My question is. How to I script this to get the certificates installed on several servers? I.e if I have a list of servers I want to query in a text file. Basically, how do I run this command on a list of servers?
0
Comment
Question by:MattyS82
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 38808157
gc serverlist.txt  | foreach-object {invoke-command -computername $_ -scriptblock {gci cert:\LocalMachine\My }}
0
 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 250 total points
ID: 38808858
Try..
$servers = Get-Content c:\server.txt
[array]$certstore = $null
Foreach ($Server in $servers){
$store=new-object System.Security.Cryptography.X509Certificates.X509Store("\\$server\my","LocalMachine")
$store.open("ReadOnly")
Foreach ($certfind in $store.certificates){
If ($certfind -ne $null)
{$certstore += New-Object Psobject -Property @{`
	"Server"=$Server
	"Subject"=$certfind.Subject
	"Issuer"=$certfind.Issuer
	"Thumbprint"=$certfind.Thumbprint
	"FriendlyName"=$certfind.FriendlyName
	"NotBefore"=$certfind.NotBefore
	"NotAfter"=$certfind.NotAfter}}
else {Write-Host "$server Does not contain any certs matching $Search" -B Yellow -F Red}
 }
}
$certstore | select Server,Subject,FriendlyName,NotAfter,NotBefore,Issuer,Thumbprint | Export-Csv c:\report.csv -NoTypeInformation

Open in new window

0
 
LVL 68

Expert Comment

by:Qlemo
ID: 38808896
Subsun,

There is an unresolved reference to $Search in the Write-Host message ;-). But the script works nevertheless.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 40

Expert Comment

by:Subsun
ID: 38809262
Ha.. I forgot to remove it. Thanks for checking...I just modified the script which I had done for another question #a38476902.. :-)

@MattyS82, You can modify line 16 to..
else {Write-Host "$server Does not contain any certs" -B Yellow -F Red}
0
 
LVL 29

Accepted Solution

by:
becraig earned 250 total points
ID: 38809509
@subsun though I like the fact you utilized the system security cryptography object which I think can be useful in other instances where something like the posh Cert provider does not exist (e.g. reading and importing / exporting pfx files etc).

I stayed with the request of the author of the question:
Running the Get-ChildItem -Recurse Cert: in powershell gives me a list of installed certificates on the server.
My question is. How to I script this to get the certificates installed on several servers?

In the spirit of your script I am adding a more detailed script utilizing the cert provider while offering more functionality.


Param ([string]$serverlist)
$servers = (gc $serverlist)
foreach ($server in $servers) 
	{
invoke-command -computername $server -scriptblock {
$server = hostname
$certs = (gci cert:\LocalMachine\My)
if ($certs -eq $null)
{write-host "`n There are no certificates present on $server" -fore yellow}
else{
write-host `n $server
foreach ($cert in $certs )
	{
	$serial = $cert.Serialnumber
	$subject = $cert.Subject
	$expiry = $cert.notafter
	write-host "Certificate:$subject `t serialnumber:$serial `t Expiry:$expiry"
   	}						  }
	}    
}

Open in new window



@MattyS82  The above solutions though both doing exactly what you need and maybe more have one subtle difference, if your servers do not have winrm Subsun's solution will be perfect for you.
0
 
LVL 1

Author Closing Comment

by:MattyS82
ID: 38811917
Thank you for your efforts. This is greatly appreciated and it was way beyond my knowledge of powershell.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now