Via PowerShell

Time: 2017-04-10 15:56:47

Tags: powershell certificate

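I need to use a PowerShell script to select the certificate whose "Certificate Template Name" is "Computer". In certmgr.msc, it has "Certificate Template" with the value "Computer". In the details, the same one has "Certificate Template Name" as "Computer".

How can I use either of these values in a PowerShell script?

So far, I have: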

get-childitem cert:\localmachine\my | where-object {$_.}

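I have tried everything that IntelliSense loaded, but could not find anything that meets my needs.

Thanks,

5 answers:

Answer 0: (score: 2)

In addition to the answers already posted, let me share what worked for me: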


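Answer 1: (score: 0)

Try this PowerShell module, CertificatePS. It contains the cmdlet Get-CertificateTemplate, which does exactly what you need. I developed it, and I use it myself to distinguish machine certificates from web template certificates.

Here is a usage example, although there are other possibilities, such as adding a PSNoteProperty to each returned object: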

# With Select-Object
Get-ChildItem "Cert:\LocalMachine\My" | Select-Object Name,Thumbprint,@{Name="Template";Expression={Get-CertificateTemplate $_}}

# With Where-Object
Get-ChildItem "Cert:\LocalMachine\My" | Where-Object {(Get-CertificateTemplate $_) -eq "Template"}

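See more examples for this module here.

The module is not perfect; if you have any feedback or contributions, please make them on the github project.

Answer 2: (score: 0)

Here is a native PowerShell solution:

Thanks go to the PowerShell Gallery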

<#
.SYNOPSIS
 Outputs an object consisting of the template name (Template), an OID (OID), the minor version (MinorVersion), and the major version (MajorVersion).

.DESCRIPTION
 Outputs an object consisting of the template name (Template), an OID (OID), the minor version (MinorVersion), and the major version (MajorVersion).
 This information is derived from the Certificate Extensions.

.PARAMETER Certificate
 A X509Certificate2 object

.EXAMPLE
 Get-ChildItem "Cert:\LocalMachine\My" | Get-CertificateTemplate

.EXAMPLE
 Get-ChildItem "Cert:\LocalMachine\My" | Select-Object Name,Thumbprint,@{Name="Template";Expression={Get-CertificateTemplate $_}}

.INPUTS
 Any X509Certificate2 object

.OUTPUTS
 [PSCustomObject] @{Template=<template name>; OID=<oid string>; MajorVersion=<major version num>; MinorVersion=<minor version num> }
#>
function Get-CertificateTemplate {
  [CmdletBinding(SupportsShouldProcess=$false)]
  [OutputType([PSCustomObject])]
  Param([Parameter(Mandatory=$true, ValueFromPipeline=$true)] [ValidateNotNull()] [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

  Process {
    $regExPrimary=[System.Text.RegularExpressions.Regex]::new("Template=([\w\s\d\.]+)\(((?:\d+.)+)\), Major Version Number=(\d+), Minor Version Number=(\d+)",[System.Text.RegularExpressions.RegexOptions]::None)
    $regExSecondary=[System.Text.RegularExpressions.Regex]::new("Template=((?:\d+.)+), Major Version Number=(\d+), Minor Version Number=(\d+)",[System.Text.RegularExpressions.RegexOptions]::None)

    $temp = $Certificate.Extensions | Where-Object { $_.Oid.FriendlyName -eq "Certificate Template Name" }
    if ($null -eq $temp) {
      Write-Verbose "Did not find 'Certificate Template Name' extension"
      # Fall back to the Certificate Template Information extension, looked up by OID
      $temp=$Certificate.Extensions | Where-Object { $_.Oid.Value -eq "1.3.6.1.4.1.311.21.7" }
    }
    else { Write-Verbose "Found 'Certificate Template Name' extension" }

    # A certificate with neither extension leaves $temp null; use an empty string instead of calling Format() on $null
    $formatted = if ($null -ne $temp) { $temp.Format($false) } else { "" }
    # Store results in $found rather than overwriting the automatic variable $Matches
    $found=$regExPrimary.Matches($formatted)
    if ($found.Count -gt 0) {
      $object=@{Template=$found[0].Groups[1].Value; OID=$found[0].Groups[2].Value; 
                MajorVersion=$found[0].Groups[3].Value; MinorVersion=$found[0].Groups[4].Value;
                Thumbprint=$Certificate.Thumbprint }
    }
    else {
      $found=$regExSecondary.Matches($formatted)
      if ($found.Count -gt 0) {
        Write-Verbose "Found certificate without a valid Template Name"
        $object=@{Template=$found[0].Groups[1].Value; OID=$found[0].Groups[1].Value; 
                  MajorVersion=$found[0].Groups[2].Value; MinorVersion=$found[0].Groups[3].Value;
                  Thumbprint=$Certificate.Thumbprint }

      }
      else {
        Write-Verbose "Found root certificate"
        $object=@{Template="Root Certificate"; OID=""; MajorVersion=""; MinorVersion=""; Thumbprint=$Certificate.Thumbprint }
      }
    }
    return [PSCustomObject]$object
  }
}

Answer 3: (score: 0)

Here is a solution sans modules:

Get-ChildItem Cert:\LocalMachine\my | Where-Object{$_.Extensions | Where-Object{$_.oid.friendlyname -match "Template" -and $_.format(0) -match "Machine"}}

Answer 4: (score: 0)

$cert.Extension.format(0) and format(1) will return these properties in a human-readable way.

    # Retrieves CRL distribution point if present
    function Get-CRLDistPoint {
        Param ($cert)
        # Stays $null when the certificate has no CRL Distribution Points extension
        $crlURL = $null
        $extension = $cert.Extensions | where {$_.OID.FriendlyName -eq "CRL Distribution Points"}
        if ($extension) {
            $crlURL = $extension.Format(0)
            # trim header
            $crlURL = $crlURL -replace "^.*URL=", ""
        }
        $crlURL
    }

# Pass each certificate from the pipeline to the function
Get-ChildItem Cert:\LocalMachine\my | %{ Get-CRLDistPoint $_ }
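
Answers 2 and 3 find the template extension through `Oid.FriendlyName`, which Windows localizes. The following added example (not code from any of the answers or from the CertificatePS module) selects the two template extensions by OID value instead and parses both the v1 name-only form and the v2 `Template=...` form. The helper names `ConvertFrom-TemplateText` and `Get-CertTemplateId` and the sample strings are assumptions made for illustration.

```powershell
# Match extensions by OID value: Oid.FriendlyName is localized, the OID is not.
$TemplateNameOid = '1.3.6.1.4.1.311.20.2'   # v1 templates: "Certificate Template Name"
$TemplateInfoOid = '1.3.6.1.4.1.311.21.7'   # v2+ templates: "Certificate Template Information"

# Hypothetical helper: turns one extension's Format($false) text into a name/OID pair.
function ConvertFrom-TemplateText {
    param([string]$OidValue, [string]$Text)
    if ($OidValue -eq $TemplateNameOid) {
        # v1: the text is just the template short name, e.g. "Machine"
        return [PSCustomObject]@{ Name = $Text.Trim(); TemplateOid = $null }
    }
    # v2+: keys on '=' and the dotted OID (assumes the layout matched in answer 2)
    if ($Text -match '=\s*(?<name>[^(,=]+?)\s*\((?<oid>\d+(?:\.\d+)+)\)') {
        return [PSCustomObject]@{ Name = $Matches['name']; TemplateOid = $Matches['oid'] }
    }
    if ($Text -match '=\s*(?<oid>\d+(?:\.\d+)+)') {
        return [PSCustomObject]@{ Name = $null; TemplateOid = $Matches['oid'] }
    }
}

# Hypothetical pipeline wrapper around the parser above.
function Get-CertTemplateId {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Prefer the v2 extension when both exist; certificates with neither emit nothing.
        foreach ($oid in $TemplateInfoOid, $TemplateNameOid) {
            $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $oid } | Select-Object -First 1
            if ($ext) {
                $id = ConvertFrom-TemplateText -OidValue $oid -Text $ext.Format($false)
                if ($id) {
                    $id | Add-Member -NotePropertyName Thumbprint -NotePropertyValue $Certificate.Thumbprint
                    return $id
                }
            }
        }
    }
}

# Constructed sample strings (the OID in the first one is made up for the example).
ConvertFrom-TemplateText $TemplateInfoOid 'Template=Computer(1.3.6.1.4.1.311.21.8.1.2), Major Version Number=100, Minor Version Number=3'
ConvertFrom-TemplateText $TemplateNameOid 'Machine'

# Select certificates whose template name is "Machine", the value answer 3 matches on.
Get-ChildItem Cert:\LocalMachine\My | Get-CertTemplateId | Where-Object { $_.Name -eq 'Machine' }
```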