One-Liner(s): X509 Certificate Store Names and You

All right, we know that we can access a remote computer’s various X509Certificate stores via .NET, and ‘My’ corresponds to “Local Computer\Personal\Certificates”. What are the other names? http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storename.aspx That gives us the details, but on some of my lab boxes, some of it didn’t work. Specifically, I couldn’t pull the Intermediate Certification Authorities list. Per…


Certificate Chains

I seem to spend a lot of time typing about SSL certificates, don’t I?  Well, I seem to spend a lot of time auditing certificates at work.  In this case, we’re updating certs because we’re migrating from one Root CA to another.  Why?  I have no idea.  I just need to figure out what Root…


PowerShell for Non-N00bs: Certificates Installed on a Remote Host

Okay, we know how to examine when a certificate file expires.  How about a certificate that’s installed on a computer?

PSH> $computer = 'remote.host'
PSH> $ro = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
PSH> $cu = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
PSH> $c = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\CA",$cu)
PSH> $c.Open($ro)
PSH> $c.Certificates

Thumbprint                                Subject
----------                                -------
FEE449EE0E3965A5246F000E87FDE2A065FD89D4  CN=Root Agency
980F61CB05442A1D40D15A8C7EF792A89EABB434  CN=Microsoft Test PCA, O=Microsoft…
8B24CD8D8B58C6DA72ACE097C7B1E3CEA4DC3DC6  OU=www.verisign.com/CPS Incorp.by …
7B02312BACC59EC388FEAE12FD277F6A9FB4FAC1  CN=VeriSign Class 2…


PowerShell for Non-N00bs: Certificate Files

Let’s say we have a certificate file.  (“We have a certificate file.”  Yuck-yuck, haw-haw.)  When does it expire?

PSH> $certObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $pathToCertFile;
PSH> $certObject.NotAfter
Wednesday, January 21, 2011 12:49:18 PM

PS> $certObject.NotAfter | Get-Member

   TypeName: System.DateTime

Name                 MemberType     Definition
----                 ----------     ----------
Add                  Method         System.DateTime Add(TimeSpan value)
AddDays              Method         System.DateTime AddDays(Double value)
AddHours            …
