One-Liner(s): X509 Certificate Store Names and You

All right, we know that we can access a remote computer’s various X509Certificate stores via .NET, and ‘My’ corresponds to “Local Computer\Personal\Certificates”. What are the other names?

That gives us the details, but on some of my lab boxes, some of it didn’t work. Specifically, I couldn’t pull the Intermediate Certification Authorities list.

Per the above, that’s the ‘CertificateAuthority’ X509Certificate store. In fact, we can enumerate the StoreName enum as follows


So, it says ‘CertificateAuthority’ all right. And it doesn’t work with my box, all right. So, what to do?

Get-ChildItem cert:\LocalMachine | % { $_.Name }

That works for the local box. How about for my remote box? PSRemoting to the rescue.

Invoke-Command -ComputerName $ComputerName -ScriptBlock { Get-ChildItem cert:\LocalMachine | % { $_.Name } }

Comments (1)

  1. Andres says:

    Hey !! I am so interesting in this, do you have some more code or simple regarding this, I am implementng a XML signer using Smart card digital cerificiate, but  I need to sign the XML with the certificate in the user computer from my website, so far I have no clue have to do it, if I need Access the usb port from the web site or I just need to acess the remote store certificates.

    I appreciate any help on this,