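Function Get-PKICertificates {
<#
.SYNOPSIS
Gets all X.509 certificates from a certificate store on a local or remote computer.
Source: http://gallery.technet.microsoft.com/scriptcenter/a2a500e5-1dd2-4898-9721-ed677399679c
.DESCRIPTION
Opens a named X.509 certificate store (Root, AuthRoot, My, Disallowed, etc.) on one or more computers
and writes its certificates to the pipeline as X509Certificate2 objects, optionally filtered to
expired or soon-to-expire certificates.

Either the LocalMachine or the CurrentUser store location can be inspected.
The CurrentUser store location can only be accessed on the local machine from where this function is run.
The LocalMachine store location can be accessed on either the local system or a remote system.

Security and operational notes:
* The store is opened with the rights requested by -OpenFlag (default ReadOnly). This function only
  reads the store; leave the default unless you have a specific reason to open it with more rights.
* Remote computers are first checked for reachability with a single ICMP echo (Test-Connection).
  A host that drops ICMP is skipped with a warning even though its store might be reachable.
* A remote LocalMachine store is opened through the "\\computer\store" path, which requires sufficient
  rights on the remote machine (typically local Administrator). Failures to open or read a store are
  reported as warnings for that computer; processing continues with the next computer.
* The store handle is always closed when the function is done with a computer.
.PARAMETER Computer
Name(s) of the computer(s) to query for X.509 certificates. Defaults to the local computer.
A name is treated as remote when it differs from $Env:Computername (case-insensitive), so an
FQDN or alias of the local machine is queried via the remote path.
.PARAMETER StoreLocation
Specifies the location of the X.509 certificate store. Acceptable values are "LocalMachine","CurrentUser".
The CurrentUser store location can only be accessed on the local machine.
LocalMachine can be accessed at either the local machine or a remote machine.
.PARAMETER StoreName
Specifies the name of the X.509 certificate store to open. Acceptable values are "AddressBook","AuthRoot",
"CA","CertificateAuthority","Disallowed","My","Root","TrustedPeople","TrustedPublisher".
"CertificateAuthority" is an alias for the "CA" system store (the intermediate CA store).
.PARAMETER OpenFlag
Specifies the way to open the X.509 certificate store. Acceptable values are "ReadOnly","ReadWrite","MaxAllowed",
"OpenExistingOnly","IncludeArchived". Default is "ReadOnly", which is all this function needs.
.PARAMETER ListExpired
List only certificates whose NotAfter date is at or before the current time.
.PARAMETER ExpiresIn
List all certificates whose NotAfter date is within the given number of days from now.
Certificates that have already expired are included, because they also fall before the deadline.
.NOTES
Author : Boe Prox
Created : 03/23/2010
.LINK
http://boeprox.wordpress.com
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.openflags.aspx
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storelocation.aspx
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storename.aspx
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate.aspx
.EXAMPLE
Get-PKICertificates -computer 'server1' -StoreLocation LocalMachine -StoreName My -OpenFlag ReadOnly
Description
-----------
This command will return all of the certificates in the My (personal) store for 'server1' on the LocalMachine store location.
.EXAMPLE
Get-PKICertificates -computer 'server1' -StoreLocation LocalMachine -StoreName My -OpenFlag ReadOnly -ListExpired
Description
-----------
This command will return all of the certificates in the My (personal) store for 'server1' on the LocalMachine store location that have expired.
.EXAMPLE
Get-PKICertificates -computer 'server1' -StoreLocation LocalMachine -StoreName My -OpenFlag ReadOnly -ExpiresIn 14
Description
-----------
This command will return all of the certificates in the My (personal) store for 'server1' on the LocalMachine store location that will expire within 14 days (including any already expired).
#>
[cmdletbinding(
DefaultParameterSetName = 'PKI'
)]
param(
[Parameter(
Mandatory = $False,
HelpMessage = "Computer to query certificates.",
ValueFromPipeline = $True)]
[string[]]$Computer = $Env:Computername,
[Parameter(
HelpMessage = "Acceptable values are 'LocalMachine','CurrentUser'. `
CurrentUser can only be accessed on the local machine. LocalMachine can be accessed on the local or a remote machine.",
ValueFromPipeline = $False)]
[ValidateSet("LocalMachine","CurrentUser")]
[string]$StoreLocation = "LocalMachine",
[Parameter(
HelpMessage = "Acceptable values are 'AddressBook','AuthRoot','CA','CertificateAuthority','Disallowed','My',`
'Root','TrustedPeople','TrustedPublisher'",
ValueFromPipeline = $False)]
[ValidateSet("AddressBook","AuthRoot","CA","CertificateAuthority","Disallowed","My","Root","TrustedPeople","TrustedPublisher")]
[string]$StoreName = "My",
[Parameter(
Mandatory = $False,
HelpMessage = "Acceptable values are 'ReadOnly','ReadWrite','MaxAllowed','OpenExistingOnly','IncludeArchived'",
ValueFromPipeline = $False)]
[ValidateSet("ReadOnly","ReadWrite","MaxAllowed","OpenExistingOnly","IncludeArchived")]
[string]$OpenFlag = "ReadOnly",
[Parameter(
Mandatory = $False,
ParameterSetName = 'Expired',
HelpMessage = "Show expired certificates",
ValueFromPipeline = $False)]
[switch]$ListExpired,
[Parameter(
Mandatory = $False,
ParameterSetName = 'Expiring',
HelpMessage = "Enter a number to list certificates expiring in given number of days",
ValueFromPipeline = $False)]
[Int32]$ExpiresIn
)
Begin {
    # Resolve the enum values once; the string-to-enum cast throws on an invalid name,
    # but ValidateSet has already restricted the input to known names.
    Write-Verbose "Setting the OpenFlag variable"
    $openFlags = [System.Security.Cryptography.X509Certificates.OpenFlags]"$OpenFlag"
    Write-Verbose "Setting the Store Location variable"
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]"$StoreLocation"
    # The X509Store string constructor wants the system store name, and the intermediate CA
    # store is named "CA" on the system; accept the enum-style name as an alias for it.
    If ($StoreName -eq 'CertificateAuthority') {
        $systemStoreName = 'CA'
    } Else {
        $systemStoreName = $StoreName
    }
    # Expiry threshold for the Expiring parameter set; computed once per invocation so every
    # computer is compared against the same instant. Unused in the other parameter sets.
    $deadline = (Get-Date).AddDays($ExpiresIn)
}
Process {
    ForEach ($c in $Computer) {
        # Reset per computer so Finally only closes a store that was actually created.
        $store = $null
        Try {
            # A name that differs from the local computer name is treated as remote.
            Write-Verbose "Checking to see if computer is local or remote."
            If ($Env:Computername -ne $c) {
                Write-Verbose "$($c): computer is remote, verifying network connection"
                # Reachability is probed with a single ICMP echo; hosts that drop ICMP are skipped
                # here even if the store itself would be reachable.
                If (!(Test-Connection -ComputerName $c -Count 1 -Quiet)) {
                    Write-Warning "$($c): unable to reach computer (no ICMP reply); skipping"
                    Continue
                }
                # CurrentUser stores belong to the interactive user of that machine and cannot be
                # addressed by the \\computer\store path.
                If ($StoreLocation -eq "CurrentUser") {
                    Write-Warning "$($c): the CurrentUser store location can only be accessed on the local machine; use LocalMachine for remote computers. Skipping."
                    Continue
                }
            }
            Switch ($StoreLocation) {
                LocalMachine {
                    # The UNC-style store name opens the LocalMachine store of the named computer
                    # (the local computer when $c is the local name).
                    Write-Verbose "$($c): connecting to the LocalMachine\$systemStoreName certificate store"
                    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$c\$systemStoreName", $location)
                }
                CurrentUser {
                    # The single-argument constructor defaults to the CurrentUser location.
                    Write-Verbose "$($c): connecting to the CurrentUser\$systemStoreName certificate store"
                    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("$systemStoreName")
                }
            }
            # Open with the requested rights (ReadOnly by default).
            Write-Verbose "Opening certificate store using defined OpenFlags"
            $store.Open($openFlags)
            Write-Verbose "Determining what certificates to display"
            Switch ($PSCmdlet.ParameterSetName) {
                "PKI" {
                    Write-Verbose "Listing all certificates in store"
                    $store.Certificates
                }
                "Expired" {
                    Write-Verbose "Listing all expired certificates"
                    $store.Certificates | Where-Object { $_.NotAfter -le (Get-Date) }
                }
                "Expiring" {
                    # Includes certificates that have already expired, since those also precede the deadline.
                    Write-Verbose "Listing certificates that expire in $ExpiresIn days"
                    $store.Certificates | Where-Object { $_.NotAfter -le $deadline }
                }
            }
        }
        Catch {
            # Report and carry on with the next computer; $_ is the error record for this Catch.
            Write-Warning "$($c): $($_)"
        }
        Finally {
            # Always release the store handle, including on the Continue/error paths.
            If ($store) { $store.Close() }
        }
    }
}
}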