Decrypt my World

Cryptography, Security, Debugging and more!

How to get all certificates in the Server Certificates section of IIS Manager programmatically (PowerShell)

How to get all certificates in the Server Certificates section of IIS Manager programmatically (PowerShell)

Rate This
  • Comments 3

Hi all,

The certificates in the Server Certificates section of IIS Manager (inetmgr.exe) are certificates located in MY certificate store of the local machine, and their Enhanced Key Usage is Server Authentication. The following sample gets those certs:

# Get all certs in MY store of Local Machine profile
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
$store.Open("ReadOnly")
$store.Certificates |
% {
# Get all extensions for one cert
$cert = $_
$cert.Extensions |
% {
# Find "Enhanced Key Usage" extension
$extension = $_
If ($extension.Oid.FriendlyName -eq "Enhanced Key Usage")
{
# Get all enhanced key usages for the cert
$enhancedKeyUsageExtension = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$extension
$enhancedKeyUsageExtension.EnhancedKeyUsages |
% {
# Find "Server Authentication" enhanced key usage
$enhancedKeyUsage = $_
If ($enhancedKeyUsage.FriendlyName -eq "Server Authentication")
{
# We found a cert that will get listed in Server Certificates list in IIS Manager. Show its info
$cert | Select Subject, Issuer, NotBefore, NotAfter, Thumbprint, SerialNumber
}
}
}
}
}
$store.Close()

 

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)

  • Is it possible to disable specific usage of a certificate?

  • Doesn't work

  • Hi Anil,

    It does work for me just fine, so if it doesn't work for you, it would be useful to know if you get some kind of error.

    Regards,

    Alex

Page 1 of 1 (3 items)
Leave a Comment
  • Please add 7 and 8 and type the answer here:
  • Post
Translate This Page