[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to get list of all thumb print - certificates installed on all servers.

Posted on 2014-07-16
8
Medium Priority
?
587 Views
Last Modified: 2014-07-29
I want to get list of all certificates installed on all of my servers.

Power shell script

Please advise
0
Comment
Question by:SAIMSKY ADMIN
8 Comments
 
LVL 4

Expert Comment

by:Philip Portnoy
ID: 40199742
Get-ChildItem -Recurse Cert:
0
 
LVL 2

Expert Comment

by:HAJ2014
ID: 40199749
0
 
LVL 29

Expert Comment

by:becraig
ID: 40199793
If you have a list of servers and winrm configured this would work in a pinch:

gc c:\serverlist.txt | % {invoke-command -computername $_ -scriptblock {$hname = hostname; gci -recurse cert:\ | % {write-host $hanem $_.thumbprint $_.subject}}}

Open in new window

0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:SAIMSKY ADMIN
ID: 40201459
Becraig  Many thanks, Can you please  set script to export the results in csv file with server name , thumbprint ,etc.

many thanks
0
 

Author Comment

by:SAIMSKY ADMIN
ID: 40201467
Becraig, Please advise as I am getting this error for most of my servers when I run the above script.

Connecting to remote server SRV-S1158 failed with the following error message : The client cannot connect to the destination specified in the request. Verify that
the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM.
If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the
about_Remote_Troubleshooting Help topic.


Can you please also set somthing good , so I can get some good looking report.

Many thanks
0
 

Author Comment

by:SAIMSKY ADMIN
ID: 40201552
Actually , I am looking for complete script in which i will extract all certificates /thumbprints according to servers name amd than I have to verfiy if these 3 thumprints avialable or not.

4822824ece7ed1450c039aa077dc1f8ae3489bbf
c6796490cdeeaab31aed798752ecd003e6866cb2
d2dbf71823b2b8e78f5958096150bfcb97cc388a


many thanks
0
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 40202674
The script below is based on the assumption you want to know what servers these certificates are present on.
Also please edit the line:
gc c:\computerlist.txt - to represent the name of the file you will have the list of servers in.

function Get-Cert( $computer){
    $ro=[System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
    $lm=[System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
    $store=new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\root",$lm)
    $store.Open($ro)
$store.Certificates
}
gc c:\computerlist.txt | % {$computer=$_
Get-Cert $_ | ?{$_.thumbprint -like "4822824ece7ed1450c039aa077dc1f8ae3489bbf" -or $_.thumbprint -like "" -or $_.thumbprint -like "c6796490cdeeaab31aed798752ecd003e6866cb2"
$tprint =  $_.thumbprint
$sub = $_.subject.split(',')[0]
$report += "$computer, $tprint, $Sub`n" }
}
$report | out-file file.csv

Open in new window

0
 

Author Closing Comment

by:SAIMSKY ADMIN
ID: 40226901
Wonderful and thanx
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question