PowerShell for Non-N00bs: Certificates Installed on a Remote Host

Okay, we know how to examine when a certificate file expires.  How about whne a certificate that's installed on a computer?

PSH> $computer = ‘remote.host'

PSH> $ro = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"  

PSH> $cu =[System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine" 

PSH> $c = new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\CA",$cu) 

PSH> $c.Open($ro)

PSH> $c.Certificates

Thumbprint                                Subject
----------                                -------
FEE449EE0E3965A5246F000E87FDE2A065FD89D4  CN=Root Agency
980F61CB05442A1D40D15A8C7EF792A89EABB434  CN=Microsoft Test PCA, O=Microsoft...
8B24CD8D8B58C6DA72ACE097C7B1E3CEA4DC3DC6  OU=www.verisign.com/CPS Incorp.by ...
7B02312BACC59EC388FEAE12FD277F6A9FB4FAC1  CN=VeriSign Class 2 CA - Individua...
12519AE9CD777A560184F1FBD54215222E95E71F  CN=VeriSign Class 1 CA Individual ...

The hard is trying to figure out which certificate is the one in question.  That will be left for an exercise for the reader.  (I hated reading that in my textbooks.)  However, once we've determined which installed certificate is of interest, getting the expiration data is relatively simple:

PSH> $c.Certificates[0].NotAfter

Saturday, December 31, 2039 3:59:59 PM

Comments (0)

Skip to main content