Where exactly is a particular SSL cert installed?

Hi all,
when faced with SSL certificate renewals, it's nice to know which servers have the cert installed in the first place. If I have a cert that I need to renew (either issued internally or by a trusted third party), how do I determine which servers it is installed on? There must be a PowerShell script or other method to query all servers on the domain using thumbprints/friendly names/issuing authority. The server is running 2012 but I need an answer that works for 2008 as well if possible.
thanks in advance
hannibalsmithAsked:
brendanmeyerCommented:
you can start with

$certs = invoke-command {gci cert: -recurse} -computername <remote computer>

just need to make it run through a list of servers
hannibalsmithAuthor Commented:
hi Brendan,
thanks for your comment. Correct me if I'm wrong, but that script will list the certs being used by the target machine. What I need is a way of actually searching machines for the cert's thumbprint or issuer rather than generating a list of certs on all target systems and manually searching (which can be time consuming depending on the size of the domain).
brendanmeyerCommented:
here is some code that will list all the certs from the servers specified into a text file
you can then use a program like Notepad++ to search for the thumbprint(s) quite easily

you can change the width if you want extra space for the Subject

will output like this
PSComputerName is the server it is on
Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\Root is the location (store) of the certificate

    Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\Root

Thumbprint                                Subject                                                        PSComputerName
----------                                -------                                                        --------------
CDD4EEAE6000AC7F40C3802C171E30148030C072  CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com  dc01

$serverlist = @("dc01", "cm01")
$file = "certs.txt"
$width = 400


Function Get-CertsFromServer([string]$server = ".")
{
    # Invoke-Command tags remote results with PSComputerName on its own; when
    # the target is this machine we read the local store and add that property
    # ourselves so every row in the output carries the server name.
    $tempserver = ""
    if($server.ToLower() -eq $env:computername.ToLower())
    {
        $tempserver = $server
        $server = "."
    }

    $certlist = @()
    if($server -eq ".")
    {
        $certs = Get-ChildItem cert: -Recurse
    }
    else
    {
        $certs = Invoke-Command { Get-ChildItem cert: -Recurse } -ComputerName $server
    }

    foreach($cert in $certs)
    {
        # cert: -Recurse also returns the store containers; keep only certificates
        $type = $cert.GetType()
        if($type.Name -eq "X509Certificate2")
        {
            if($tempserver -ne "")
            {
                # Explicit -MemberType/-Name/-Value works on PowerShell 2.0 (Server 2008);
                # no -PassThru, which would emit the object a second time and duplicate
                # every local certificate in the output.
                $cert | Add-Member -MemberType NoteProperty -Name PSComputerName -Value $tempserver
            }
            $certlist += $cert
        }
    }
    $certlist
}


#----------------------------------------------------------------


$certs = @()   # start empty so results from a previous run in this session are not appended
foreach($server in $serverlist)
{
    $certs += Get-CertsFromServer $server
}

$certs | Out-File $file -Width $width

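The asker's actual requirement was to search the servers for one thumbprint or one issuer rather than dump every store and grep the file. The script below is an added example, not code from Brendan or the original thread, and it does that search directly. It assumes PowerShell remoting (WinRM) is enabled on the targets and that the caller is a local administrator there; the server names, the thumbprint and the issuer string are placeholders to replace.

```powershell
# Added example (not from the original thread): find which servers hold a given
# certificate, by thumbprint or by issuer, by querying the LocalMachine store on
# each one. Assumes WinRM is enabled and the caller is an admin on the targets.
# Server names, thumbprint and issuer pattern below are placeholders.

$serverList = @("dc01", "cm01")

# Paste the thumbprint straight from the certificate MMC; spaces and any stray
# leading non-hex character that the MMC copy sometimes carries are stripped below.
$thumbprint = "CD D4 EE AE 60 00 AC 7F 40 C3 80 2C 17 1E 30 14 80 30 C0 72"

# Used instead of the thumbprint when $thumbprint is empty: matches every
# certificate whose issuer name contains this string.
$issuerPattern = "CN=Corp Issuing CA"

# Normalise to upper-case hex only so it compares equal to X509Certificate2.Thumbprint.
$wantedThumbprint = ($thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Runs on each target. LocalMachine is the store services (IIS, RDP, LDAPS) use;
# the CurrentUser store seen over remoting belongs to the remoting user, not to
# the workload, so it is deliberately not searched.
$searchBlock = {
    param([string]$Thumbprint, [string]$IssuerPattern)
    Get-ChildItem -Path Cert:\LocalMachine -Recurse |
        # -Recurse also returns X509Store containers; keep only certificates
        Where-Object { $_.PSObject.TypeNames[0] -match 'X509Certificate2$' } |
        Where-Object {
            if ($Thumbprint) { $_.Thumbprint -eq $Thumbprint }
            else             { $_.Issuer -like "*$IssuerPattern*" }
        } |
        ForEach-Object {
            # New-Object PSObject keeps this PowerShell 2.0 (Server 2008) compatible
            New-Object PSObject -Property @{
                # PSParentPath is like ...Certificate::LocalMachine\My; report "My"
                Store      = ($_.PSParentPath -split '\\')[-1]
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotAfter   = $_.NotAfter
                # A host that holds the private key is the one actually serving
                # with this cert; a public-only copy is just a trust-chain entry.
                HasKey     = $_.HasPrivateKey
            }
        }
}

$results = @()
foreach ($server in $serverList) {
    try {
        if ($server -ieq $env:COMPUTERNAME) {
            # Local machine: run the block directly and tag rows with the name,
            # which Invoke-Command would otherwise add for us.
            $hits = & $searchBlock $wantedThumbprint $issuerPattern |
                Add-Member -MemberType NoteProperty -Name PSComputerName -Value $server -PassThru
        } else {
            # -ArgumentList rather than $using: so this also runs from PowerShell 2.0
            $hits = Invoke-Command -ComputerName $server -ScriptBlock $searchBlock `
                -ArgumentList $wantedThumbprint, $issuerPattern -ErrorAction Stop
        }
        if ($hits) { $results += @($hits) }
    } catch {
        # Unreachable or access denied is reported as such, not as "not installed"
        Write-Warning ("{0}: could not query certificate stores ({1})" -f $server, $_.Exception.Message)
    }
}

$results |
    Select-Object PSComputerName, Store, Subject, Issuer, NotAfter, HasKey, Thumbprint |
    Sort-Object NotAfter |
    Format-Table -AutoSize
```

Replace the final Format-Table with Export-Csv to keep an inventory for the renewal. Two caveats a practitioner will want: servers that fail to answer are printed as warnings, so an empty result is only meaningful once the warning list is empty; and this only covers the Windows certificate stores, so a copy of the same certificate sitting in a Java keystore or a PEM file used by Apache or nginx on the same host will not appear.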
hannibalsmithAuthor Commented:
looks good, Brendan, thank you. I'll try it as soon as possible and report back...
hannibalsmithAuthor Commented:
Hi Brendan,
sorry for the delay in getting back to you. It's been hectic and I haven't had the time until now. I've tested the script and it's exactly what I need! Thanks for your help on this one.
hannibalsmithAuthor Commented:
Precisely what I needed, code was not unnecessarily complex and answered my question.