How to get all certificates in the Server Certificates section of IIS Manager programmatically (PowerShell)


Hi all,

The certificates shown in the Server Certificates section of IIS Manager (inetmgr.exe) are the certificates in the MY certificate store of the local machine whose Enhanced Key Usage is Server Authentication. The following sample gets those certificates:

    # Get all certs in MY store of Local Machine profile
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
    $store.Open("ReadOnly")
    $store.Certificates |
    ForEach-Object {
        # Get all extensions for one cert
        $cert = $_
        $cert.Extensions |
        ForEach-Object {
            # Find "Enhanced Key Usage" extension (OID 2.5.29.37).
            # Compare on Oid.Value: FriendlyName is localized and differs on non-English systems
            $extension = $_
            If ($extension.Oid.Value -eq "2.5.29.37")
            {
                # Get all enhanced key usages for the cert
                $enhancedKeyUsageExtension = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$extension
                $enhancedKeyUsageExtension.EnhancedKeyUsages |
                ForEach-Object {
                    # Find "Server Authentication" enhanced key usage (OID 1.3.6.1.5.5.7.3.1)
                    $enhancedKeyUsage = $_
                    If ($enhancedKeyUsage.Value -eq "1.3.6.1.5.5.7.3.1")
                    {
                        # We found a cert that will get listed in Server Certificates list in IIS Manager. Show its info
                        $cert | Select-Object Subject, Issuer, NotBefore, NotAfter, Thumbprint, SerialNumber
                    }
                }
            }
        }
    }
    $store.Close()

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)
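
The same store walk turned into an inventory check, as an added example that is not part of the original post. It goes beyond the sample by also reporting certificates that carry no Enhanced Key Usage extension at all (under RFC 5280 such certificates are not restricted to particular purposes; the sample above skips them, and the post does not say how IIS Manager treats them) and by flagging expiry and missing private keys. The function name, the output property names and the 30-day default are assumptions made for the example.

```powershell
# Added example, not the author's code. Requires PowerShell 3.0 or later ([pscustomobject]).
function Get-ServerAuthCertificateReport {
    param(
        # Certificates to inspect; defaults to LocalMachine\My, the store the post reads
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$Certificate,
        # Assumed warning window (days) for upcoming expiry
        [int]$WarnDays = 30
    )

    $ekuOid        = '2.5.29.37'          # Enhanced Key Usage extension
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'  # Server Authentication

    if (-not $Certificate) {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
        $store.Open('ReadOnly')
        try     { $Certificate = @($store.Certificates) }
        finally { $store.Close() }   # close the store even if enumeration throws
    }

    $now = Get-Date
    foreach ($cert in $Certificate) {
        # The string indexer returns $null when the extension is absent
        $eku = $cert.Extensions[$ekuOid]
        if ($null -eq $eku) {
            $usage = 'NoEku'          # no EKU extension: not limited to specific purposes
        }
        elseif (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuthOid) {
            $usage = 'ServerAuth'
        }
        else {
            continue                  # EKU present but without Server Authentication
        }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            Usage         = $usage
            HasPrivateKey = $cert.HasPrivateKey   # a TLS binding needs the private key
            Expired       = $cert.NotAfter -lt $now
            ExpiresSoon   = ($cert.NotAfter -ge $now) -and ($cert.NotAfter -lt $now.AddDays($WarnDays))
        }
    }
}
```

Piping the output through `Where-Object { $_.Expired -or $_.ExpiresSoon -or -not $_.HasPrivateKey }` leaves only the certificates that need attention.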

Comments (3)

  1. Andy says:

    Is it possible to disable specific usage of a certificate?

  2. Anil says:

    Doesn't work

  3. Hi Anil,

    It does work for me just fine, so if it doesn't work for you, it would be useful to know if you get some kind of error.

    Regards,

    Alex