Solved

Enumerate Certificate in the network

Posted on 2014-10-21
9
139 Views
Last Modified: 2014-10-23
Hi,

I would need to enumerates the certs which are installed on all the server in our network (windows 2003 & windows2008) ..

I would like to know are there any script available to collect the certificate information from w2k3 & windows 2008.

Thanks
0
Comment
Question by:stadmin
  • 5
  • 4
9 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40396287
Here is a script that should work:


function Get-Cert($computer)
{
	$ro = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
	$lm = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
	$store = new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\My", $lm)
	$store.Open($ro)
	$store.Certificates
	
}
gc c:\serverlist.txt | % {
	$computer = $_;
	Get-Cert $_ | % {		
		$sub = $_.subject; $report += "$computer, $sub`n"
	}
	
}
$report | out-file C:\certreport.csv

Open in new window

0
 
LVL 1

Author Comment

by:stadmin
ID: 40396516
Hi,

we are getting below error while running the script

PS C:\Temp\Bios> server.domain.com
server.domain.com : The term 'server.domain.com' is not recognized as the name of a cmdlet
function, script file, or operable program. Check the spelling of the name, or if a path was included, verif
path is correct and try again.
At line:1 char:1
+ server.domain.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (server.domain.com:String) [], CommandNotFoundExcepti
    + FullyQualifiedErrorId : CommandNotFoundException
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397352
Ok so it seems like you are missing something:

Steps:
1. Save the code snippet as <script>.ps1     (<script> being whatever name you want to give it)
Change the first line to map correctly to your server list, which should be a text file with one servername on each line.

$serverlist = "C:\foldername\serverlist.txt"
function Get-Cert($computer)
{
	$ro = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
	$lm = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
	$store = new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\My", $lm)
	$store.Open($ro)
	$store.Certificates
	
}
gc $serverlist | % {
	$computer = $_;
	Get-Cert $_ | % {		
		$sub = $_.subject; $report += "$computer, $sub`n"
	}
	
}
$report | out-file C:\certreport.csv

Open in new window

                                         

2. Open a powershell window and navigate to the path where you saved the ps1 file above
3. Ensure your server list which will be called with (gc c:\serverlist.txt) is in the right location ...
e.g.  C:\foldername\serverlist.txt
4. Run the script
0
 
LVL 1

Author Comment

by:stadmin
ID: 40398584
I did the same changed the path to match the server list .. saved the script as PS1 file.. and changed the output file location

still getting the same error
0
Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

 
LVL 29

Expert Comment

by:becraig
ID: 40398589
Can you please post the error you are getting.

It isn't possible to help with seeing the error.

E.g your previous post shows:

PS C:\Temp\Bios> server.domain.com
server.domain.com : The term 'server.domain.com' is not recognized as the name of a cmdlet

But this is not a known command nor called out anywhere in the script I provided
0
 
LVL 1

Author Comment

by:stadmin
ID: 40398707
Thanks It worked; But I do need to know about the expiry dates of the certificates.. How dow e gather that info??

your help is very much appreciated
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40398714
Made an update to add the expiry to the values returned:
function Get-Cert($computer)
{
	$ro = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
	$lm = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
	$store = new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\My", $lm)
	$store.Open($ro)
	$store.Certificates
	
}
gc c:\serverlist.txt | % {
	$computer = $_;
	Get-Cert $_ | % {		
		$sub = $_.subject;$expiry = $_.notafter $report += "$computer, $sub, $expiry`n"
	}
	
}
$report | out-file C:\certreport.csv

Open in new window

0
 
LVL 1

Author Comment

by:stadmin
ID: 40398756
thanks alot for the help
0
 
LVL 29

Expert Comment

by:becraig
ID: 40398760
No problem, happy to help.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
security question 7 58
Thinking about moving away from OS X to either Ubuntu or Windows 10... 34 156
risks of using YouSendIt & DropBox & GoogleDrive 12 88
Ransome Ware Question 10 138
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
OfficeMate Freezes on login or does not load after login credentials are input.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now