Where exactly is a particular SSL cert installed?

Hi all,
when faced with SSL certificate renewals, it's nice to know which servers have the cert installed in the first place. If I have a cert that I need to renew (either issued internally or by a trusted third party), how do I determine which servers it is installed on? There must be a PowerShell script/other method to query all servers on the domain using thumbprints/friendly names/issuing authority. The server is running 2012 but I need an answer that works for 2008 as well if possible.
Thanks in advance.

you can start with

$certs = invoke-command {gci cert: -recurse} -computername <remote computer>

just need to make it run through a list of servers
hannibalsmith (Author) Commented:
Hi Brendan,
thanks for your comment. Correct me if I'm wrong, but that script will list the certs being used by the target machine. What I need is a way of actually searching machines for the cert's thumbprint or issuer rather than generating a list of certs on all target systems and manually searching (which can be time consuming depending on the size of the domain).
Here is some code that will list all the certs from the servers specified into a text file.
You can then use a program like Notepad++ to search for the thumbprint(s) quite easily.

You can change the width if you want extra space for the Subject.

It will output like this:
PSComputerName is the server it is on.
Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\Root is the location for the certificate.
    Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\Root

Thumbprint                                Subject                                                        PSComputerName
----------                                -------                                                        --------------
CDD4EEAE6000AC7F40C3802C171E30148030C072  CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com  dc01


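$serverlist = @("dc01", "cm01")   # servers to inventory
$file = "certs.txt"               # output file
$width = 400                      # widen if the Subject column is truncated

Function Get-CertsFromServer([string]$server = ".")
{
    # Query the local machine directly rather than through remoting,
    # but remember its name so the output still shows which server it was.
    $tempserver = ""
    if($server.ToLower() -eq $env:computername.ToLower())
    {
        $tempserver = $server
        $server = "."
    }

    $certlist = @()
    if($server -eq ".")
    {
        $certs = Get-ChildItem cert: -Recurse
    }
    else
    {
        $certs = Invoke-Command { Get-ChildItem cert: -Recurse } -ComputerName $server
    }

    # Keep only certificates (the recursive listing also returns store objects).
    foreach($cert in $certs)
    {
        $type = $cert.GetType()
        if($type.Name -eq "X509Certificate2")
        {
            if($tempserver -ne "")
            {
                # Local results have no PSComputerName; add it to match remote ones.
                $cert = $cert | Add-Member @{PSComputerName=$tempserver} -PassThru
            }
            $certlist += $cert
        }
    }
    return $certlist
}

$certs = @()
foreach($server in $serverlist)
{
    $certs += Get-CertsFromServer $server
}

$certs | Out-File $file -Width $width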
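
Added example, not part of the original thread or the posted answer: the search the question asks for, done by filtering on each server so that only matching certificates come back, with unreachable servers reported instead of silently looking like "not installed". The function name Find-CertOnServers and its parameters are illustrative; it assumes PowerShell remoting is enabled on every listed server (including the local one) and searches only the LocalMachine stores.

```powershell
# Added example. Find-CertOnServers, $Thumbprint and $IssuerLike are illustrative names.
function Find-CertOnServers {
    param(
        [string[]]$ComputerName,
        [string]$Thumbprint = "",    # empty = do not filter on thumbprint
        [string]$IssuerLike = "*"    # wildcard match on the Issuer DN
    )

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character; keep only the hex digits and upper-case them.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    # Runs on each remote server; only matching certificates are sent back.
    $filter = {
        param($wanted, $issuerLike)
        Get-ChildItem Cert:\LocalMachine -Recurse |
            Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                ($wanted -eq '' -or $_.Thumbprint -eq $wanted) -and
                $_.Issuer -like $issuerLike
            } |
            Select-Object Thumbprint, Subject, Issuer, NotAfter, HasPrivateKey,
                @{ Name = 'Store'; Expression = { $_.PSParentPath -replace '^.*::', '' } }
    }

    $failed = @()
    $hits = Invoke-Command -ComputerName $ComputerName -ScriptBlock $filter `
        -ArgumentList $wanted, $IssuerLike `
        -ErrorAction SilentlyContinue -ErrorVariable failed

    # A server that could not be queried is not the same as a server without the cert.
    foreach ($err in $failed) {
        Write-Warning "Problem on $($err.TargetObject): $($err.Exception.Message)"
    }

    $hits | Select-Object PSComputerName, Store, Thumbprint, Subject, Issuer, NotAfter, HasPrivateKey
}

# Server names and thumbprint are the ones shown in this thread; substitute your own.
Find-CertOnServers -ComputerName "dc01", "cm01" `
    -Thumbprint "CDD4EEAE6000AC7F40C3802C171E30148030C072" |
    Format-Table -AutoSize
```

Rows with HasPrivateKey set to True are the servers that actually hold the key pair and need the renewed certificate; rows in Root or CA stores are trust copies only.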



hannibalsmith (Author) Commented:
Looks good, Brendan, thank you. I'll try it as soon as possible and report back...
hannibalsmith (Author) Commented:
Hi Brendan,
sorry for the delay in getting back to you. It's been hectic and I haven't had the time until now. I've tested the script and it's exactly what I need! Thanks for your help on this one.
hannibalsmith (Author) Commented:
Precisely what I needed, code was not unnecessarily complex and answered my question.