![](/img/trans.png)
[英]Setting a CA Certificate, with specific Enabled Purposes, using PowerShell
[英]Get Certificate Intended Purposes
我有這個代碼,可以獲取有關“本地機器”SSL證書的信息,並將它們存儲在CSV文件中。 我擔心的是我找不到定義這些證書的正確名稱。 所以我問是否有一個字段表明證書名稱?
此外,我想存儲SSL證書的“預期用途”,我無法弄清楚如何做到這一點。
最后的問題,我發現有一些證書,其中“目標用途”字段具有ALL
值,所以我想知道在這種情況下提到的目的是什么?
這是我的腳本,我希望它也向我展示“Intented Purposes”,如果找到了證書的名稱。
$StartDate = Get-Date
$CertPath = 'Cert:\LocalMachine\'
$CertsDetail = Get-ChildItem -Path $CertPath -Recurse | Where-Object {
$_.PsIsContainer -ne $true
} | ForEach-Object {
$DaysLeft = (New-TimeSpan -Start $StartDate -End $_.NotAfter).Days
if ($DaysLeft -lt 1) {
$Under30 = $true
$Expired = $true
$Text = "The Certificate is expired"
} elseif ($DaysLeft -lt 30) {
$Under30 = $true
$Expired = $false
$Text = "The Certificate is but valid about to expire"
} else {
$Under30 = $false
$Expired = $false
$Text = "The Certificate is still valid and not going soon to expire"
}
$FinalDate = Get-Date $_.NotAfter -Format 'dd/MM/yyyy hh:mm'
[PSCustomObject]@{
Text = $Text
Subject = $_.Subject
ExpireDate = $FinalDate
DaysRemaining = $DaysLeft
Under30Days = $Under30
Expired = $Expired
}
}
$CertsDetail | Where-Object {
$_.DaysRemaining -lt 3650
} | Export-Csv -NoTypeInformation -Path 'C:\SECnology\Data\Utilities\Certificate_State.csv'
以下腳本迭代Cert Extensions,如果是Usage,則存儲在變量$ Usage中,並將其合並到[PSCustomObject]中
編輯:納入JosefZ的寶貴提示
## Q:\Test\2019\05\22\SO_56254011.ps1
$StartDate = Get-Date
$CertPath = 'Cert:\LocalMachine\'
$FileOut = 'C:\SECnology\Data\Utilities\Certificate_State.csv'
$CertsDetail = Get-ChildItem -Path $CertPath -Recurse | Where-Object {
$_.PsIsContainer -ne $true
} | ForEach-Object {
$DaysLeft = (New-TimeSpan -Start $StartDate -End $_.NotAfter).Days
if ($DaysLeft -lt 1) {
$Under30 = $true
$Expired = $true
$Text = "The Certificate is expired"
} elseif ($DaysLeft -lt 30) {
$Under30 = $true
$Expired = $false
$Text = "The Certificate is but valid about to expire"
} else {
$Under30 = $false
$Expired = $false
$Text = "The Certificate is still valid and not going soon to expire"
}
$FinalDate = Get-Date $_.NotAfter -Format 'dd/MM/yyyy hh:mm'
$Usages = foreach($key in $_.Extensions){
if('KeyUsages' -in $key.psobject.Properties.Name ){ $key.KeyUsages}
if('EnhancedKeyUsages' -in $key.psobject.Properties.Name){
$key.EnhancedKeyUsages.FriendlyName
}
}
[PSCustomObject]@{
Text = $Text
Subject = $_.Subject
ExpireDate = $FinalDate
DaysRemaining = $DaysLeft
Under30Days = $Under30
Expired = $Expired
Usages = $Usages-join ';'
}
}
$CertsDetail | Out-Gridview
$CertsDetail | Where-Object {
$_.DaysRemaining -lt 3650
} | Export-Csv -NoTypeInformation -Path $FileOut
樣本輸出。
Text : The Certificate is expired
Subject : CN=SITHS CA v3, O=Carelink, C=SE
ExpireDate : 28-11-2015 07:02
DaysRemaining : -1271
Under30Days : True
Expired : True
Usages : CrlSign, KeyCertSign
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.