Spat's WebLog (Steve Patrick)

When things go wrong...

Get Serial number, expiry date, subject name and subject alternative names in script


The question was something like this:

 

..."What I need to be able to do is iterate through each certificate in the Local Machine’s Personal store and spit out at least the serial number, expiry date, subject name and subject alternative names."

 

Here is the output:

 

----------------------------------------------------------------

Serial: 619487CD000000E4DCFF
SubjectName: CN=SPATDSG, OU=Workstations, OU=Machines, DC=crisco, DC=com
Valid from 7/29/2008 9:31:40 PM to 8/28/2008 9:31:40 PM
SAN: Other Name:
     Principal Name=SPATDSG$@crisco.com

----------------------------------------------------------------

 

 

Here is a starter. It requires CAPICOM.

 

Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_CERTIFICATE_FIND_TIME_VALID = 9

' Open the Local Machine "MY" (Personal) store read-only
Set oStore = CreateObject("CAPICOM.Store")
oStore.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY

' This filter returns only certificates that are currently time-valid;
' expired and not-yet-valid certificates are not listed
Set Certificates = oStore.Certificates.Find(CAPICOM_CERTIFICATE_FIND_TIME_VALID, , 0)

If Certificates.Count > 0 Then
    For Each Certificate In Certificates
        Set extensions = Certificate.Extensions()

        WScript.Echo "Serial: " & Certificate.SerialNumber
        WScript.Echo "SubjectName: " & Certificate.SubjectName
        WScript.Echo "Valid from " & Certificate.ValidFromDate & " to " & Certificate.ValidToDate

        ' Get the SAN data if it is there.
        ' 12 selects the subject alternative name extension (see the Extension.OID link below)
        For Each extension In extensions
            If extension.OID = 12 Then
                ' Format(True) returns the decoded extension as multi-line text
                SubjectAltName = extension.EncodedData.Format(True)
                WScript.Echo "SAN: " & SubjectAltName
            End If
        Next

        WScript.Echo "----------------------------------------------------------------"
        WScript.Echo
    Next
Else
    WScript.Echo "No certificates"
End If

 

 

 

Hope it helps...

 

Extension.OID Property
http://msdn.microsoft.com/en-us/library/aa382418(VS.85).aspx

 

EncodedData.Format Method
http://msdn.microsoft.com/en-us/library/aa382001(VS.85).aspx

 

 

 

 

spat
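
An added PowerShell example (not part of the original post) that reads the same four fields from the Local Machine Personal store through .NET's X509Certificate2 instead of CAPICOM. Unlike the time-valid Find above, it also lists expired certificates and labels them; the $WarnDays threshold and the status strings are assumptions made for this sketch.

```powershell
# Added example: inventory of Cert:\LocalMachine\My with SAN and expiry status.
# $WarnDays and the Status labels are hypothetical choices for this sketch.
param([int]$WarnDays = 30)

$sanOid = '2.5.29.17'   # X.509 subjectAltName extension OID
$now    = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # A certificate without a SAN extension yields nothing here.
    $sanExt = $cert.Extensions |
        Where-Object { $_.Oid.Value -eq $sanOid } |
        Select-Object -First 1

    # Format($true) gives the same multi-line decoded text as
    # EncodedData.Format(true) in the CAPICOM script.
    $san = if ($sanExt) { $sanExt.Format($true).Trim() } else { '(none)' }

    # Classify by validity window so expired certificates are reported
    # rather than silently filtered out.
    $status = if ($cert.NotAfter -lt $now) {
        'EXPIRED'
    } elseif ($cert.NotBefore -gt $now) {
        'NOT YET VALID'
    } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        "EXPIRES WITHIN $WarnDays DAYS"
    } else {
        'OK'
    }

    [pscustomobject]@{
        Serial      = $cert.SerialNumber
        SubjectName = $cert.Subject
        ValidFrom   = $cert.NotBefore
        ValidTo     = $cert.NotAfter
        Status      = $status
        SAN         = $san
    }
} | Sort-Object ValidTo | Format-List
```

Sorting by ValidTo puts the certificates closest to expiry, or already past it, at the top of the listing.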

  • Not sure you care, but I thought you may

    In PowerShell you can do this:

    dir cert:\CurrentUser -rec | fl SerialNumber,@{l="SubjectName";e={$_.SubjectName.Name}},@{l="ValidFrom";e={"{0} to {1}" -f $_.NotBefore,$_.NotAfter}}

    You can add the extension easy enough too.

  • neat link from ben...

    http://msdn.microsoft.com/en-us/library/aa375724(VS.85).aspx
