Validate certificate chain with PowerShell

I'm trying to write a script which validates a certificate chain in PowerShell (that all certificates in the chain are not expired) and finds the certificate which is closest to expiration. I'm using the following script to find the issuer certificate:

Get-ChildItem -Recurse -Path Cert: | Where-Object { $_.Subject -eq $Certificate.Issuer }

For some reason, for some certificates I get more than one certificate with different thumbprints which have the same issuer name, and I expected that there should be only one.

Is there any other property of the certificate which uniquely identifies the issuer certificate? Maybe there is some other approach to validate the certificate chain?

Answers


Check out Test-Certificate: http://poshcode.org/1633

Tests specified certificate for certificate chain and revocation

There is a Test-Certificate cmdlet included in 4.0 http://technet.microsoft.com/en-us/library/hh848639.aspx

I ran this on my localhost just testing it out,

Get-childitem cert: -recurse | %{ write-host $_ ; Test-Certificate -cert $_ }

It gives a nice error when a cert in the chain is expired.

WARNING: Chain status: CERT_TRUST_IS_NOT_TIME_VALID
Test-Certificate : A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


I had need of inventorying all certificates with private keys for expiration dates. The code sample below is tested under PowerShell 3.0. The Try/Catch structure allows suppression of the obnoxious red error text from certs that do not have private keys.

Set-Strictmode -Version Latest
$arrCerts = Get-Childitem CERT:\ -Recurse                   
foreach ($objItem in $arrCerts) {
   Try   { $blnFound = ($objItem.HasPrivateKey -eq $True) } 
   Catch { $blnFound = $False }                             
   if ($blnFound) {                                         
       $arrSplit = $objItem.PSParentPath -split "::"        
       write-host 'Path        '$arrSplit[1]                
       write-host 'Subject     '$objItem.SubjectName.Name   
       write-host 'Expires     '$objItem.NotAfter           
       write-host 'Private Key '$objItem.HasPrivateKey      
       write-host
       }
   }                                                        
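
The chain walk the question asks for, as an added example that is not part of the original posts: it uses the .NET X509Chain class so that Windows selects each issuer instead of matching Subject and Issuer strings by hand, then reports the chain element that expires first. The function name Get-ChainExpiry, the Cert:\LocalMachine\My store path and the choice of the first certificate are assumptions for illustration.

```powershell
# Added example (hypothetical helper name): build the chain with X509Chain
# and report per-element expiry, rather than searching Cert: by issuer name.
function Get-ChainExpiry {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is skipped so the check runs offline; only trust and validity dates are evaluated.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    try {
        # Build() returns $false for an expired element but still fills ChainElements.
        $isValid = $chain.Build($Certificate)

        # ChainElements is ordered leaf first, root last.
        $elements = foreach ($element in $chain.ChainElements) {
            $cert = $element.Certificate
            [pscustomobject]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays   # rounded
                Status     = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
            }
        }

        [pscustomobject]@{
            ChainValid    = $isValid
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            FirstToExpire = $elements | Sort-Object NotAfter | Select-Object -First 1
            Elements      = $elements
        }
    }
    finally {
        $chain.Reset()
    }
}

# Usage: store path and certificate selection are assumptions for illustration.
$leaf = Get-ChildItem Cert:\LocalMachine\My | Select-Object -First 1
if ($leaf) {
    $result = Get-ChainExpiry -Certificate $leaf
    $result.Elements | Format-Table Subject, NotAfter, DaysLeft, Status -AutoSize
    "Chain valid: $($result.ChainValid) ($($result.ChainStatus))"
    "Closest to expiration: $($result.FirstToExpire.Subject) on $($result.FirstToExpire.NotAfter)"
}
```

An expired element shows NotTimeValid in its Status column, the same condition Test-Certificate reports as CERT_TRUST_IS_NOT_TIME_VALID.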
