Share via

Display Subject Alternative Names of a Certificate with PowerShell

Nelson Baez 1 Reputation point
2021-04-26T15:17:23.297+00:00

Hello,

I am trying to retrieve the SAN of few of my certificates using PowerShell whether the Cert has a SAN or not.

Below is what I have so far:

$Servers = "WebServer01",
"WebServer02",
"WebServer03"

Invoke-Command -ComputerName $Servers -ScriptBlock {Get-ChildItem -Recurse Cert:\LocalMachine\My | select subject,NotBefore, notafter, Issuer, Thumbprint,HasPrivateKey, SubjectAlternativeName}

I am getting output from all fields except the SAN "SubjectAlternativeName". Could someone help advise me what else I am missing?

Windows for business | Windows Server | User experience | PowerShell
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-04-27T06:11:31.407+00:00

    Hi,

    The X509Certificate2 object has no "SubjectAlternativeName" property. You can get it from the extensions of the certificate. 

    Invoke-Command -ComputerName $Servers -ScriptBlock { Get-ChildItem -Recurse Cert:\LocalMachine\My |   
    select subject,NotBefore, notafter, Issuer, Thumbprint,HasPrivateKey,   
    @{name='Subject Alternative Name';expression={($_.Extensions | Where-Object {$_.Oid.FriendlyName -eq "Subject Alternative Name"}).format($true)}}  
}

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.