Get Serial number, expiry date, subject name and subject alternative names in script


The question was something like this:


 


…“What I need to be able to do is iterate through each certificate in the Local Machine’s Personal store and spit out at least the serial number, expiry date, subject name and subject alternative names.”


 


Here is the output:


 


----------------------------------------------------------------

Serial: 619487CD000000E4DCFF
SubjectName: CN=SPATDSG, OU=Workstations, OU=Machines, DC=crisco, DC=com
Valid from 7/29/2008 9:31:40 PM to 8/28/2008 9:31:40 PM
SAN: Other Name:
     Principal Name=SPATDSG$@crisco.com

----------------------------------------------------------------


 


 


Here is a starter.. requires CAPICOM


 


' CAPICOM constants used below
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_CERTIFICATE_FIND_TIME_VALID = 9

' Open the Local Machine "MY" (Personal) store read-only
Set oStore = CreateObject("CAPICOM.Store")
oStore.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY

' Keep only the certificates that are currently within their validity period
Set Certificates = oStore.Certificates.Find(CAPICOM_CERTIFICATE_FIND_TIME_VALID, , 0)

If Certificates.Count > 0 Then
    For Each Certificate In Certificates
        Set extensions = Certificate.Extensions()
        WScript.Echo "Serial: " & Certificate.SerialNumber
        WScript.Echo "SubjectName: " & Certificate.SubjectName
        WScript.Echo "Valid from " & Certificate.ValidFromDate & " to " & Certificate.ValidToDate

        ' get the SAN data if it is there
        For Each extension In extensions
            If extension.OID = 12 Then
                ' Format(True) returns the decoded extension as multi-line text
                SubjectAltName = extension.EncodedData.Format(True)
                WScript.Echo "SAN: " & SubjectAltName
            End If
        Next

        WScript.Echo "----------------------------------------------------------------"
        WScript.Echo
    Next
Else
    WScript.Echo "No certificates"
End If


 


 


 


Hope it helps…


 


Extension.OID Property
http://msdn.microsoft.com/en-us/library/aa382418(VS.85).aspx


 


EncodedData.Format Method
http://msdn.microsoft.com/en-us/library/aa382001(VS.85).aspx


 


 


 


 


spat
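
The same listing in PowerShell, as an added example that is not part of the original post: it reads Cert:\LocalMachine\My, mirrors the script's time-valid filter, and finds the SAN extension by its standard OID 2.5.29.17. The DaysLeft field and the "(none)" marker are additions for illustration.

```powershell
# Added example: PowerShell counterpart of the CAPICOM script above.
# Cert:\LocalMachine\My is the Local Machine "Personal" store; this only reads it.
$sanOid = '2.5.29.17'   # X.509 subjectAltName extension
$now    = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My |
    # Same intent as CAPICOM_CERTIFICATE_FIND_TIME_VALID: currently valid certificates only
    Where-Object { $_.NotBefore -le $now -and $_.NotAfter -ge $now } |
    ForEach-Object {
        $cert = $_

        # A certificate may have no SAN extension at all, so $san can be empty
        $san = $cert.Extensions |
            Where-Object { $_.Oid.Value -eq $sanOid } |
            ForEach-Object { $_.Format($true) }   # $true = multi-line text, like EncodedData.Format(true)

        [pscustomobject]@{
            Serial      = $cert.SerialNumber
            SubjectName = $cert.Subject
            ValidFrom   = $cert.NotBefore
            ValidTo     = $cert.NotAfter
            DaysLeft    = [math]::Floor(($cert.NotAfter - $now).TotalDays)
            SAN         = if ($san) { ($san -join "`n").Trim() } else { '(none)' }
        }
    } |
    Format-List
```

Dropping the Where-Object stage lists expired and not-yet-valid certificates as well, which is usually what an expiry audit wants.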

Comments (2)

  1. Bran says:

    Not sure you care, but I thought you may

    In Powershell you can do this

    dir cert:CurrentUser -rec | fl SerialNumber,@{l="SubjectName";e={$_.SubjectName.Name}},@{l="ValidFrom";e={"{0} to {1}" -f $_.NotBefore,$_.NotAfter}}

    You can add the extension easy enough to