Forum Discussion

drawson's avatar
drawson
Copper Contributor
Aug 09, 2019

Inventory SSL Root Cert Remotely Using PowerShell

I am not well versed with PowerShell but after researching it appears PowerShell might be the tool I need.  I have a need to inventory all computers on my AD to confirm whether or not they have the n...
Windows PowerShell
drawson's avatar
drawson
Copper Contributor
Aug 21, 2019

Thanks VasilMichev ,

 

I've been trying to get up to speed by reviewing the links you sent. I can manually add the list of computers to scan as I learn how to read a CSV. But my question now is how do I turn "LocalMachine" into reading the "Trusted Root Certificate Authorities\Certificates" for both 'Current User' & 'Local Computer'?

VasilMichev's avatar
VasilMichev
MVP
Aug 22, 2019

It's as simple as:

 

dir Cert:\CurrentUser\Root\
dir Cert:\LocalMachine\Root\
  • drawson's avatar
    drawson
    Copper Contributor
    Aug 22, 2019

    Hi VasilMichev, That seems simple enough in theory. But sadly once I ask for details on certs in that location I get nothing but the computer name when using the following example.:

     

     

    I'm trying to find 2 specific certs in this location. And if they don't exist in this location I need to know which computer it is that needs them installed. Or stated another way if I can get a report that tells me the cert "IssuedTo" descriptor and the "Expiration Date". Ultimately I need to install the proper certs if they don't exist. I can do that manually. Heck, I can do all of this manually but it would be nice if I work smarter not harder.

     

    So if I could do this I would like to parse a csv that contains the computer names that I need to check for certs in 'CurrentUser\Root' & 'LocalMachine\Root' that have an 'Issue To' name of 'SSL_Cert_1' & 'SSL_Cert_2' and also display the 'Expiration Date' associated with each cert.

     

    Each computer that does not have the required certs I would like to install these certs. Or at the very least list them so I can pay a visit.

     

    Unfortunately I can't even begin to write the proper syntax to include something like the following.:

     

     

    • VasilMichev's avatar
      VasilMichev
      MVP
      Aug 23, 2019

      The first example will only list certificates with CN matching the name of the computer, so it's seem to me its working as expected. You can simply remove the where clause and get a full list of certificates, the filter it out in excel or something.

      • drawson's avatar
        drawson
        Copper Contributor
        Aug 23, 2019

        VasilMichev, if you would kindly share with me the proper terminology I would be glad to research further on my own. I'm just not sure where to look for clarification on these commands.

         

        Thanks,

         

Resources