我想从我的系统获得所有证书。
所以我使用了System.Security.Cryptography.X509Certificates class.
当我在()之后移除X509Store时,我得到的结果与我输入"My"
查看所有证书的正确成员名称是什么?有可能吗?
$store=new-object System.Security.Cryptography.X509Certificates.X509Store("CA")
# Put in CA, My, root etc.
$store.open("ReadOnly")
$store.Certificates
$store.Certificates.count
答案 0 :(得分:6)
您可以从当地的证书驱动器获取它们:
Get-ChildItem Cert:\CurrentUser\CA # user certs
Get-ChildItem Cert:\LocalMachine\CA # machine certs
答案 1 :(得分:0)
Get-ChildItem Cert:\ LocalMachine \ My
如果您安装了WinRM,这很有趣,但是以更标准的方式查找所有证书,使用
这样的东西要好得多$ store = New-Object System.Security.Cryptography.X509Certificates.X509Store(" \ $ server_name \ My"," LocalMachine")
$ store.Open("只读&#34)
$ store.Certificates
答案 2 :(得分:0)
以下 PowerShell 脚本将询问远程计算机的 DNS 名称,然后询问域管理员凭据,以便它可以连接和查询。生成的 $AllCerts 变量拥有来自每个商店的所有证书。然后还将它们导出到 $env:temp 文件夹中的 CSV 文件,并在 Windows 资源管理器中打开该文件夹。
function Get-Cert( $computer=$env:computername ){
$cred = Get-Credential -Message "Enter credentials for a Domain Admin"
$ro=[System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
$lm=[System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
$Stores = (Invoke-Command $computer {Get-ChildItem cert:\LocalMachine} -Credential $cred).Name
$AllStores = @()
foreach ($store in $Stores){
$AllStores += new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\$store",$lm)
}
$AllStores.Open($ro)
$AllStores.Certificates
}
write-host "Enter remote computer to poll certificate information from" -ForegroundColor Cyan
$remoteComputer = read-host
$AllCerts = Get-Cert $remoteComputer
$AllCerts = $AllCerts | Select Subject,Issuer,Thumbprint,NotBefore,NotAfter
$AllCerts | Where-Object {$_.NotAfter -lt (Get-Date)} | format-list
$AllCerts | export-csv -NoTypeInformation $env:temp\$($remoteComputer)_AllCerts.csv
start $env:temp