Friday, October 23, 2009

Do your certificate management in Powershell

I do a lot of security work, and that means lots of time poking at certificates. Tooling for certificates was never something I was happy with until I stumbled upon PowerShell. Let me give you a demo:
PS C:\> cd cert:

PS cert:\> cd .\LocalMachine\My
PS cert:\LocalMachine\My> dir

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My


Thumbprint                                Subject
----------                                -------
4EE3FDE4FFF422935CAA0CA2783EF2CA601D6DE5  CN=NonSecretGlobalEncryptKey
272BDAC53C26CC5A8067FE6076D2F74797F69AF7  CN=igordm1, OU=Workstations, OU=Machines, DC=redmond, DC=corp, DC=microsof...


PS cert:\LocalMachine\My> cd\
PS cert:> cd .\CurrentUser\Root
PS cert:\CurrentUser\Root> dir | where {$_.Subject -like "*Veri*"}


    Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\Root


Thumbprint                                Subject
----------                                -------
18F7C1FCC3090203FD5BAA2F861A754976C8DD25  OU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stampin...
85371CA6E550143DCE2803471BDE3A09E8F8770F  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized us...
742C3192E607E424EB4549542BE1BBC53E6174E2  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
4F65566336DB6598581D584A596C87934D5F2AB4  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2...
24A40A1F573643A67F0A4B0749F6A22BF28ABB6B  OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet


PS cert:\CurrentUser\Root> $cert = gi 24A40A1F573643A67F0A4B0749F6A22BF28ABB6B

PS cert:\CurrentUser\Root> $cert.ToString()
[Subject]
  OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

[Issuer]
  OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

[Serial Number]
  03C78F37DB9228DF3CBB1AAD82FA6710

[Not Before]
  4/8/1996 5:00:00 PM

[Not After]
  1/7/2004 3:59:59 PM

[Thumbprint]
  24A40A1F573643A67F0A4B0749F6A22BF28ABB6B

PS cert:\CurrentUser\Root>

Does the output of $cert.ToString() look familiar? It's actually the ToString() on X509Certificate2. This means that, as well as having a great certificate store browser, you also get to use the CLR certificate classes interactively - Yeehaw!
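Once the cert: drive hands you X509Certificate2 objects, the same properties the demo prints (NotAfter, Subject, Issuer, Thumbprint) can drive a quick audit of a root store, for instance to flag roots that have expired like the VeriSign CA above, or that still carry an MD2/MD5/SHA-1 signature. The script below is an added example, not code from the original post; it assumes the built-in Certificate provider (PowerShell 2.0 or later), and the function name Get-RootStoreAudit and its thresholds are my choices.

```powershell
# Added example: audit a certificate store for roots that are expired, not yet
# valid, about to expire, signed with a weak hash, or not actually self-signed.
# Assumes the cert: provider; store path and WarnDays are assumption-level defaults.
function Get-RootStoreAudit {
    param(
        [string]$StorePath = 'cert:\CurrentUser\Root',
        [int]$WarnDays = 90
    )
    $now = Get-Date
    Get-ChildItem $StorePath | ForEach-Object {
        # Each item is a System.Security.Cryptography.X509Certificates.X509Certificate2
        $cert = $_
        $issues = @()

        if ($cert.NotAfter -lt $now) {
            $issues += 'expired'
        } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
            $issues += "expires within $WarnDays days"
        }
        if ($cert.NotBefore -gt $now) { $issues += 'not yet valid' }

        # SignatureAlgorithm is an Oid; FriendlyName looks like 'sha1RSA' or 'md5RSA'
        $sigAlg = $cert.SignatureAlgorithm.FriendlyName
        if ($sigAlg -match 'md2|md5|sha1') { $issues += "weak signature ($sigAlg)" }

        # A trust anchor should be self-signed; anything else in Root deserves a look
        if ($cert.Subject -ne $cert.Issuer) { $issues += 'issuer differs from subject' }

        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Issues     = ($issues -join '; ')
        }
    } | Where-Object { $_.Issues }   # keep only certificates with at least one finding
}

# Example run against the current user's Root store
Get-RootStoreAudit | Format-Table -AutoSize Thumbprint, NotAfter, Issues, Subject
```

Point the function at cert:\LocalMachine\Root (in an elevated session) to audit the machine-wide anchors instead.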

1 comment:

Rags said...

Here is a scriptable way to find if a particular cert exists in a particular store:
"certutil -user -verifystore MY b02d6f0c37b5bc67bb4850fe7ad34f84e53f7d09"

For more information try 'certutil -user /?'