We help IT Professionals succeed at work.

Extract Certificate Info via a Script

High Priority
Last Modified: 2020-03-24
Hi everyone.  Hope everyone is staying well during this global health crisis!  Okay my question.  I have been asked to write a script that extracts the expiration date for a particular certificate on a user's machine.  I'm able to run certmgr.msc, go under the "Personal" folder, click on "Certificates" and see my own certificates, but I want to write some sort of script that can run on all machines in my organization to extract the expiration date for a specific certificate (let's call it "CertificateABC".   Does anyone have any idea how I can do that?  Thanks in advance!
Watch Question

Pete LongTechnical Consultant
Distinguished Expert 2019

 - Would a better solution not be to interrogate  'issued certificates" on your CA Server(s)?

Anne Maire FierstSenior IT Specialist


Hi Pete, I think the certificate is on a person's laptop, not on a server...I don't think our admin can access them via a server, which is why he asked me to write a script that each person could run on their own machine.  I was hoping I could grab some info from the registry, but I can't find in the registry what certmgr.msc is telling me.
Senior IT Specialist
Problem resolved.   Created a PowerShell script...

Get-ChildItem -Path Cert: -Recurse | Where-Object { $_.Issuer -like "*xxxx*" } | Format-Table -Property Issuer,notafter > $env:USERPROFILE\documents\$env:USERNAME"_xxxt.txt"