Last active
May 22, 2025 14:50
-
-
Save tcartwright/1cda5676a81a4cad49c1e33c4897c3eb to your computer and use it in GitHub Desktop.
POWERSHELL: Test https cert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Clear-Host | |
| $hostName = "www.microsoft.com" | |
| $req = [System.Net.HttpWebRequest]::Create("https://$hostName") | |
| $req.GetResponse().Dispose() | |
| $servicePoint = $req.ServicePoint | |
| [System.Security.Cryptography.X509Certificates.X509Certificate2]$cert = $servicePoint.Certificate | |
| # $servicePoint | Format-List * | |
| # $cert | Format-List * | |
| $props = $cert | Select-Object @{Name="Address"; Expression={$servicePoint.Address}}, | |
| Subject, | |
| @{Name="ValidFrom"; Expression={$_.NotBefore}}, | |
| @{Name="ValidTo"; Expression={$_.NotAfter}}, | |
| @{Name="IsValid"; Expression={$_.Verify() -and (Get-Date) -le ([DateTime]::Parse($_.GetExpirationDateString())) }}, | |
| @{Name="Encryption"; Expression={$_.SignatureAlgorithm.FriendlyName}}, | |
| @{Name="DnsNames"; Expression={$_.DnsNameList.Unicode}}, | |
| Issuer | |
| $props | Out-Host | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 7.0 | |
| Clear-Host | |
| $hostName = "www.microsoft.com" | |
| $port = 443 | |
| $tcpClient = New-Object System.Net.Sockets.TcpClient | |
| try { | |
| $tcpClient.Connect($hostName, $port) | |
| $sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream(), $false, ({ $true })) | |
| try { | |
| $sslStream.AuthenticateAsClient($hostName) | |
| $tlsVersion = $sslStream.SslProtocol | |
| } catch { | |
| Write-Error "TLS handshake failed: $_" | |
| $tcpClient.Close() | |
| return | |
| } | |
| $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($sslStream.RemoteCertificate) | |
| $sslStream.Close() | |
| $tcpClient.Close() | |
| # Parse SAN (DNS names) from extensions | |
| $sanExtension = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq "Subject Alternative Name" } | |
| $dnsNames = if ($sanExtension) { $sanExtension.Format($false) } else { "N/A" } | |
| $props = [PSCustomObject]@{ | |
| Address = $hostName | |
| TlsVersion = $tlsVersion | |
| Subject = $cert.Subject | |
| ValidFrom = $cert.NotBefore | |
| ValidTo = $cert.NotAfter | |
| IsValid = $cert.Verify() -and (Get-Date) -le $cert.NotAfter | |
| Encryption = $cert.SignatureAlgorithm.FriendlyName | |
| DnsNames = $dnsNames | |
| Issuer = $cert.Issuer | |
| } | |
| $props | Format-List | |
| } catch { | |
| Write-Error "Connection failed: $_" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment