忽略自签名证书

时间:2019-05-28 09:39:21

标签: powershell ssl

我有这段代码列出了所有本地计算机SSL证书的详细信息,并将它们存储在csv文件中。但是,有些自签名证书使我觉得它们无用,因此我想排除它们的出现,我无法弄清它

下面是我编写的代码

$StartDate = Get-Date
$CertPath = 'Cert:\LocalMachine\'
$CertsDetail = Get-ChildItem -Path $CertPath -Recurse | Where-Object {
$_.PsIsContainer -ne $true} | ForEach-Object {
$DaysLeft = (New-TimeSpan -Start $StartDate -End $_.NotAfter).Days
if ($DaysLeft -lt 1) {
    $Under30 = $true
    $Expired = $true
    $Text = "The Certificate is expired"
} elseif ($DaysLeft -lt 30) {
    $Under30 = $true
    $Expired = $false
    $Text = "The Certificate is but valid about to expire"
} else {
    $Under30 = $false
    $Expired = $false
    $Text = "The Certificate is still valid and not going soon to expire"
}
$FinalDate = Get-Date $_.NotAfter -Format 'dd/MM/yyyy hh:mm'
$Usages = ($_.Extensions | Where-Object {$_.KeyUsages}).KeyUsages
if ($Usages) {

$issuer = '{0}, {1}' -f 
                     ([regex] 'O=([^,]+)').Match($_.Issuer).Groups[1].Value,
                     ([regex] 'CN=([^,]+)').Match($_.Issuer).Groups[1].Value
$issuer = $issuer.Trim(", ")
[PSCustomObject]@{
    Text         = $Text
    Issuer  = $issuer.TrimStart('"')

    Subject       = $_.Subject
    ExpireDate    = $FinalDate
    DaysRemaining = $DaysLeft
    Usages  = $Usages.ToString() -replace ',', ';'
    Under30Days   = $Under30
    Expired       = $Expired

}
}
}

$CertsDetail | Where-Object {$_.DaysRemaining -lt 3650 -and $_.Usages -ne ""
 } | Export-Csv -NoTypeInformation -Path 'C:\SECnology\Data\Utilities\Certificate_State.csv'

1 个答案:

答案 0 :(得分:1)

对于自签名证书,SubjectIssuer字段将相同:

# Filter out self-signed certificates
Get-ChildItem -Path $CertPath -Recurse |Where { $_.Subject -ne $_.Issuer }