ei00004
PS cmd to see if a Specific IE Certificate is Installed on a Remote Computer
Is there a PowerShell command similar to either one listed below that will show me if a specific "Trusted Root Certification Authorities" certificate is installed in IE on a remote computer, listed by its "Issued To" or "Friendly name"?
Get-ChildItem -computername RemoteComputer -Path Cert:\LocalMachine\TrustedPublisher | Where-Object {$_.Issuedto -eq "?Friendly Name of Cert"}
invoke-command -computername RemoteComputer {Get-ChildItem -path cert: -Recurse | where { $_.Subject -like "*Name of Cert*" }}
ASKER
oBdA, thanks for the script, after configuring WinRM on the test computer and first running this script, I got the error message below:
The system cannot open the device or file specified.
+ CategoryInfo : NotSpecified: (:) [Get-ChildItem], CryptographicException
+ FullyQualifiedErrorId : System.Security.Cryptography.CryptographicException,Microsoft.PowerShell.Commands.GetChildItemCommand
+ PSComputerName : TestComputer
After changing this "Get-ChildItem CERT:\ -Recurse"
To this: Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher -Recurse
I now get the TrustedPublisher certs displayed. What do I need to replace "TrustedPublisher" with in order to get "Trusted Root Certification Authorities" displayed?
ASKER
Ok I replaced "Cert:\LocalMachine\TrustedPublisher" with "Cert:\LocalMachine\CA" and I now can display some of the "Trusted Root Certification Authorities" certificates, but not all of them. Any reason this would not list all certs in "Trusted Root Certification Authorities"?
Because "CA" are the intermediate CAs.
Try Cert:\LocalMachine\Root, or just Cert:\LocalMachine.
ASKER
Cert:\LocalMachine displays a lot more certs, but I'm still not able to see the specific certs I'm looking for. When I look at the specific certificate in Internet Explorer > Internet options, the "Friendly Name" column shows <None>. If I change "Select-Object PSPath, FriendlyName" TO "Select-Object PSPath, IssuedTO" the script errors.
ASKER
oBdA - If it's not already then could you please update your script to query for "IssuedTO" instead of the FriendlyName?
It already does that, that's what the calculated property is for.
Use it exactly as posted (except for the computer name, obviously), and use Out-GridView's integrated filter to find the certificate you're looking for.
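Invoke-Command -ComputerName RemoteComputer -ScriptBlock {
    # Captures the value of the first "key=value" component of a distinguished name (quoted or unquoted)
    $Pattern = '\A.*?=\s*(?:"(?<Name>.*?)"|(?<Name>[^"].*?))\s*(,.*|\Z)'
    # Walk every LocalMachine store, skip the store containers, and add IssuedTo/IssuedBy as calculated properties
    Get-ChildItem CERT:\LocalMachine -Recurse |
        Where-Object {-not $_.PSIsContainer} |
        Select-Object PSPath, FriendlyName, @{n='IssuedTo'; e={$_.Subject -replace $Pattern, '${Name}'}}, @{n='IssuedBy'; e={$_.Issuer -replace $Pattern, '${Name}'}}, Subject
} | Out-GridView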
ASKER
Ok that works, the cert name I was looking for is actually displayed in the "Subject" field instead of the "Issued to" field the way it is shown in Internet options > Contents > Certificates. Instead of having to run a script for each machine I want to check and filtering the output, is there just a one line PS command to remotely show me if that cert exists on a remote computer?
Then replace the Out-GridView at the end with the Where-clause of your choice.
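An added example (not part of the thread and not oBdA's script): one way to check several machines for a given root certificate, searching only Cert:\LocalMachine\Root and matching on Subject, since the thread shows FriendlyName can be empty. The computer names and the subject pattern are placeholders, and WinRM must already be configured on the targets as in the thread.

```powershell
# Placeholders: replace with your own computer names and certificate subject pattern.
$Computers      = 'RemoteComputer1', 'RemoteComputer2'
$SubjectPattern = '*Name of Cert*'

$results = foreach ($Computer in $Computers) {
    try {
        # Query only the Trusted Root Certification Authorities store on the remote machine.
        $certs = Invoke-Command -ComputerName $Computer -ErrorAction Stop `
            -ArgumentList $SubjectPattern -ScriptBlock {
                param($Pattern)
                Get-ChildItem -Path Cert:\LocalMachine\Root |
                    Where-Object { $_.Subject -like $Pattern } |
                    Select-Object Subject, FriendlyName, Thumbprint, NotAfter
            }

        if ($certs) {
            # One row per matching certificate, so duplicates and expiry dates stay visible.
            foreach ($c in $certs) {
                [pscustomobject]@{
                    Computer   = $Computer
                    Status     = 'Installed'
                    Subject    = $c.Subject
                    Thumbprint = $c.Thumbprint
                    NotAfter   = $c.NotAfter
                }
            }
        } else {
            [pscustomobject]@{
                Computer = $Computer; Status = 'NotFound'
                Subject = $null; Thumbprint = $null; NotAfter = $null
            }
        }
    } catch {
        # Remoting failures (WinRM not configured, host offline) are reported, not silently skipped.
        [pscustomobject]@{
            Computer = $Computer; Status = "Error: $($_.Exception.Message)"
            Subject = $null; Thumbprint = $null; NotAfter = $null
        }
    }
}

$results | Format-Table -AutoSize
```

Comparing the Thumbprint column across machines confirms that every host trusts the same certificate rather than a different one with a similar subject.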