Last active April 9, 2020 18:54
View Certificates for Server Name (ADCS certutil)
# Change the filter and column list as needed to match your query needs.
# Query Active Directory Certificate Services for Certs issued to given hostname
function view_certs($prefix, $config=$null) {
    # call like: view_certs -prefix "srv-name"
    # Find $config value by running "certutil" with NO OPTIONS
    # increment last character to get next prefix (stop matching)
    $nextprefix = $prefix.Remove($prefix.Length-1) + [char]([int]$prefix[-1] + 1)
    $columns = "CommonName,DispositionMessage,CertificateTemplate,NotBefore,NotAfter"
    # Disposition of 20 returns only "Issued" certificates
    $restriction = "CommonName >= $prefix,CommonName < $nextprefix,Disposition = 20"
    if ($null -ne $config) {
        certutil.exe -view -config "$config" -restrict "$restriction" -out "$columns"
    } else {
        certutil.exe -view -restrict "$restriction" -out "$columns"
    }
}
# example calling function for hostname beginning with prefix
view_certs -prefix "srv-name"
# Inspired by
# ... https://blogs.technet.microsoft.com/pki/2008/10/03/disposition-values-for-certutil-view-restrict-and-some-creative-samples/
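An added example, not part of the gist: it builds the same range restriction but rejects prefixes that could append extra clauses to the comma-separated `-restrict` list, then flags issued certificates that expire soon. `New-CertViewRestriction` and `Get-ExpiringCert` are hypothetical helper names; the CSV header row and the date format in the sample are assumptions about certutil's `csv` output.

```powershell
function New-CertViewRestriction {
    param([Parameter(Mandatory)][string]$Prefix)
    # Allow only hostname characters, so a value containing "," or "=" cannot
    # add or alter clauses in the -restrict list.
    if ($Prefix -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$') {
        throw "Prefix '$Prefix' is not a plain hostname prefix"
    }
    # Same range trick as view_certs: bump the last character for the upper bound.
    $next = $Prefix.Substring(0, $Prefix.Length - 1) + [char]([int]$Prefix[-1] + 1)
    "CommonName >= $Prefix,CommonName < $next,Disposition = 20"
}

function Get-ExpiringCert {
    param([string[]]$CsvLines, [int]$Days = 30, [datetime]$Now = (Get-Date))
    # Skip the (localized) header row and assign fixed property names instead.
    $CsvLines | Select-Object -Skip 1 |
        ConvertFrom-Csv -Header CommonName, Disposition, Template, NotBefore, NotAfter |
        Where-Object { [datetime]$_.NotAfter -le $Now.AddDays($Days) }
}

# Constructed sample rows (not real CA data), shaped like "certutil -view ... csv" output.
$sample = @(
    '"Issued Common Name","Request Disposition Message","Certificate Template","Certificate Effective Date","Certificate Expiration Date"'
    '"srv-name01","Issued","WebServer","4/9/2019 10:00 AM","4/9/2020 10:00 AM"'
    '"srv-name02","Issued","WebServer","1/5/2020 9:30 AM","1/5/2022 9:30 AM"'
)

New-CertViewRestriction -Prefix 'srv-name'
Get-ExpiringCert -CsvLines $sample -Now ([datetime]'2020-04-01') |
    Format-Table CommonName, Template, NotAfter

# Against a live CA, feed real output into the same filter:
# $columns = "CommonName,DispositionMessage,CertificateTemplate,NotBefore,NotAfter"
# $lines = certutil.exe -view -restrict (New-CertViewRestriction 'srv-name') -out $columns csv
# Get-ExpiringCert -CsvLines $lines -Days 60
```

On a live CA the date strings follow the server's regional settings, so the `[datetime]` cast may need a culture-aware parse.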
Added -config parameter to specify remote CA server. Use "certutil" command without any options to find the "Config:" value(s) for your environment.