How to list SSL certificates installed on Windows Server

asked 2021-04-19T22:09:38.233+00:00
Gary Vial 1 Reputation point

I have to list all the SSL certificates installed across the whole forest (more than 600 servers, from 2003 to 2019). I only know how to view this information manually with the certlm command.
I need these fields: certificate name, server name, start date, end date, certifying company. Does anyone have a script or command that could help me with this task?


2 answers

  1. answered 2021-04-20T08:23:49.643+00:00
    Ian Xue (Shanghai Wicresoft Co., Ltd.) 18,351 Reputation points Microsoft Employee

    Hi,

    Please check to see if this works. Sorry I've got no environment to test it.

    $forest = "contoso.com"
    $file = "C:\temp\certs.csv"
    # Prompt for an account that is allowed to remote into the servers
    $cred = Get-Credential
    # Walk every domain in the forest, then every computer account in each domain
    (Get-ADForest -Identity $forest).Domains | ForEach-Object {
        (Get-ADComputer -Filter * -Server $_).DNSHostName | ForEach-Object {
            Invoke-Command -ComputerName $_ -Credential $cred -HideComputerName -ScriptBlock {
                # Every certificate in every LocalMachine store (store containers are skipped)
                Get-ChildItem -Path Cert:\LocalMachine -Recurse | Where-Object {$_.PSIsContainer -eq $false} |
                    Select-Object -Property Thumbprint,Subject,Issuer,NotBefore,NotAfter
            }
        }
    # PSComputerName stays in the output, so each CSV row names its server
    } | Select-Object -Property * -ExcludeProperty RunspaceId,PSShowComputerName | Export-Csv -Path $file -NoTypeInformation
    

    Best Regards,
    Ian Xue



  2. answered 2021-04-21T06:52:47.017+00:00
    Ian Xue (Shanghai Wicresoft Co., Ltd.) 18,351 Reputation points Microsoft Employee

    Hope this works.

    $forest = "contoso.com"
    # The search base must exist in each domain that is queried
    $ou = "OU=servers,DC=contoso,DC=com"
    $file = "C:\temp\cert.csv"
    # Prompt for an account that is allowed to remote into the servers
    $cred = Get-Credential
    (Get-ADForest -Identity $forest).Domains | ForEach-Object {
        (Get-ADComputer -Filter * -Server $_ -SearchBase $ou).DNSHostName | ForEach-Object {
            Invoke-Command -ComputerName $_ -Credential $cred -ScriptBlock {
                # Only the machine's Personal store, where server certificates are installed
                Get-ChildItem -Path Cert:\LocalMachine\My | Select-Object -Property Thumbprint,Subject,Issuer,NotBefore,NotAfter
            }
        }
    # PSComputerName stays in the output, so each CSV row names its server
    } | Select-Object -Property * -ExcludeProperty RunspaceId,PSShowComputerName | Export-Csv -Path $file -NoTypeInformation
    

    Best Regards,
    Ian Xue

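An added example, not part of either answer: the same `Invoke-Command` collection, reshaped to emit the columns the question asks for and to record every server that could not be queried, so gaps in coverage are visible in the CSV instead of being lost in console errors. The function name `Get-ServerCertInventory`, its parameters, and the `Server`, `Certificate` and `Status` column names are illustrative assumptions.

```powershell
# Added example: function, parameter and column names are illustrative.
function Get-ServerCertInventory {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [pscredential]$Credential
    )
    $params = @{
        ComputerName  = $ComputerName
        ErrorAction   = 'SilentlyContinue'   # keep going when a host does not answer
        ErrorVariable = 'failed'             # but remember every error that occurred
        # Runs on each server: the machine's Personal store, as in the second answer
        ScriptBlock   = {
            Get-ChildItem -Path Cert:\LocalMachine\My |
                Select-Object -Property Subject,Issuer,NotBefore,NotAfter,Thumbprint
        }
    }
    if ($Credential) { $params.Credential = $Credential }

    # One call fans out to all hosts instead of opening one session at a time.
    # PSComputerName is added by remoting and becomes the Server column.
    Invoke-Command @params | Select-Object -Property `
        @{ Name = 'Server';      Expression = { $_.PSComputerName } },
        @{ Name = 'Certificate'; Expression = { $_.Subject } },
        Issuer, NotBefore, NotAfter, Thumbprint,
        @{ Name = 'Status';      Expression = { 'OK' } }

    # One placeholder row per error; for connection failures TargetObject
    # holds the name of the host that could not be reached.
    foreach ($err in $failed) {
        New-Object -TypeName psobject -Property @{
            Server      = [string]$err.TargetObject
            Certificate = $null
            Issuer      = $null
            NotBefore   = $null
            NotAfter    = $null
            Thumbprint  = $null
            Status      = "FAILED: $($err.Exception.Message)"
        } | Select-Object Server,Certificate,Issuer,NotBefore,NotAfter,Thumbprint,Status
    }
}

# Usage with the variables from the answers above ($forest, $cred, $file):
# $servers = (Get-ADForest -Identity $forest).Domains |
#     ForEach-Object { (Get-ADComputer -Filter * -Server $_).DNSHostName } |
#     Where-Object { $_ }   # skip computer accounts without a DNS host name
# Get-ServerCertInventory -ComputerName $servers -Credential $cred |
#     Export-Csv -Path $file -NoTypeInformation
```

Filtering the resulting CSV on `Status` gives the list of servers that still need to be checked by another route.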