PS cmd to see if a Specific IE Certificate is Installed on a Remote Computer

Is there a PowerShell command similar to either one listed below that will show me if a specific "Trusted Root Certification Authorities" certificate is installed in IE on a remote computer, listed by its "Issued To" or "Friendly name"?

Get-ChildItem -computername RemoteComputer -Path Cert:\LocalMachine\TrustedPublisher | Where-Object {$_.Issuedto -eq "?Friendly Name of Cert"}

invoke-command -computername RemoteComputer  {Get-ChildItem -path cert: -Recurse | where { $_.Subject -like "*Name of Cert*" }}
ei00004 (Network Administrator) asked:

oBdA commented:
Try it with this first, this will output the certificate list in a GUI table. You can check how the one you want to look for actually appears.
Then replace the Out-GridView at the end with the Where-clause of your choice.
Invoke-Command -ComputerName RemoteComputer -ScriptBlock {
	$Pattern = '\A.*?=\s*(?:"(?<Name>.*?)"|(?<Name>[^"].*?))\s*(,.*|\Z)'
	Get-ChildItem CERT:\ -Recurse |
		Where-Object {-not $_.PSIsContainer} |
		Select-Object PSPath, FriendlyName, @{n='IssuedTo'; e={$_.Subject -replace $Pattern, '${Name}'}}, @{n='IssuedBy'; e={$_.Issuer -replace $Pattern, '${Name}'}}, Subject
} | Out-GridView

0
ei00004 (Network Administrator, author) commented:
oBdA, thanks for the script, after configuring WinRM on the test computer and first running this script, I got the error message below:

The system cannot open the device or file specified.
    + CategoryInfo          : NotSpecified: (:) [Get-ChildItem], CryptographicException
    + FullyQualifiedErrorId : System.Security.Cryptography.CryptographicException,Microsoft.PowerShell.Commands.GetChi
   ldItemCommand
    + PSComputerName        : TestComputer

After changing this "Get-ChildItem CERT:\ -Recurse"
To this: Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher -Recurse

I now get the TrustedPublisher certs displayed. What do I need to replace "TrustedPublisher" with in order to get "Trusted Root Certification Authorities" displayed?
0
ei00004 (Network Administrator, author) commented:
Ok I replaced "Cert:\LocalMachine\TrustedPublisher " with "Cert:\LocalMachine\CA" and I now can display some of the "Trusted Root Certification Authorities"  certificates, but not all of them. Any reason this would not list all certs in "Trusted Root Certification Authorities"?
0
oBdA commented:
Because "CA" are the intermediate CAs.
Try Cert:\LocalMachine\Root, or just Cert:\LocalMachine.
0
ei00004 (Network Administrator, author) commented:
Cert:\LocalMachine displays a lot more certs, but I'm still not able to see the specific certs I'm looking for. When I look at the specific certificate in Internet Explorer > Internet options, the "Friendly Name" column shows <None>. If I change "Select-Object PSPath, FriendlyName" TO "Select-Object PSPath, IssuedTO" the script errors.
0
ei00004 (Network Administrator, author) commented:
oBdA - If it's not already then could you please update your script to query for "IssuedTO" instead of the FriendlyName?
0
oBdA commented:
It already does that, that's what the calculated property is for.
Use it exactly as posted (except for the computer name, obviously), and use Out-GridView's integrated filter to find the certificate you're looking for.
Invoke-Command -ComputerName RemoteComputer -ScriptBlock {
	$Pattern = '\A.*?=\s*(?:"(?<Name>.*?)"|(?<Name>[^"].*?))\s*(,.*|\Z)'
	Get-ChildItem CERT:\LocalMachine -Recurse |
		Where-Object {-not $_.PSIsContainer} |
		Select-Object PSPath, FriendlyName, @{n='IssuedTo'; e={$_.Subject -replace $Pattern, '${Name}'}}, @{n='IssuedBy'; e={$_.Issuer -replace $Pattern, '${Name}'}}, Subject
} | Out-GridView

0
ei00004 (Network Administrator, author) commented:
Ok that works, the cert name I was looking for is actually displayed in the "Subject" field instead of the "Issued to" field the way it is shown in Internet options > Contents > Certificates. Instead of having to run a script for each machine I want to check and filtering the output, is there just a one line PS command to remotely show me if that cert exists on a remote computer?
0
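
Added example (not posted by either participant in this thread): the Out-GridView step replaced by a Where-Object filter on Subject, run against several computers at once and limited to Cert:\LocalMachine\Root, the "Trusted Root Certification Authorities" store. The computer names, the subject pattern and the optional thumbprint are placeholders; it assumes PowerShell 3.0 or later and WinRM enabled on the targets.

```powershell
# Added example. Host names, subject pattern and thumbprint are placeholders.
# Single-computer form of the same check:
#   Invoke-Command -ComputerName RemoteComputer { Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like '*Name of Cert*' } }

$Computers      = 'RemoteComputer1', 'RemoteComputer2'   # hypothetical host names
$SubjectPattern = '*Name of Cert*'                        # wildcard matched against Subject
$Thumbprint     = ''                                      # optional: paste the thumbprint to match exactly

# Thumbprints copied from the certificate dialog often carry spaces or
# invisible characters; keep only the hex digits.
$Thumbprint = $Thumbprint -replace '[^0-9A-Fa-f]'

$results = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue `
    -ArgumentList $SubjectPattern, $Thumbprint -ScriptBlock {
    param($SubjectPattern, $Thumbprint)

    # Root = "Trusted Root Certification Authorities" (CA = intermediates)
    $certs = @(Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object {
            if ($Thumbprint) { $_.Thumbprint -eq $Thumbprint }
            else             { $_.Subject -like $SubjectPattern }
        })

    # Always return exactly one object, so "not installed" and
    # "computer did not answer" can be told apart by the caller.
    [pscustomobject]@{
        Installed  = $certs.Count -gt 0
        Subject    = ($certs.Subject -join '; ')
        Thumbprint = ($certs.Thumbprint -join '; ')
    }
}

# One row per requested computer, including those that returned nothing.
foreach ($computer in $Computers) {
    $r = $results | Where-Object { $_.PSComputerName -eq $computer }
    if ($r) {
        $r | Select-Object PSComputerName, Installed, Subject, Thumbprint
    } else {
        [pscustomobject]@{
            PSComputerName = $computer
            Installed      = 'NoResponse'
            Subject        = ''
            Thumbprint     = ''
        }
    }
}
```

When the goal is to confirm that one particular root is trusted, fill in `$Thumbprint`: any certificate can carry the same Subject text, while the thumbprint identifies the exact certificate.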