- PowerShell Core 6.2 Cookbook
- Jan Hendrik Peters
- 2021-06-24 15:14:27
How to do it...
Install and start PowerShell Core on a Windows host and execute the following steps:
- Use the provider cmdlet to list certificate stores and certificates inside a store:
# Another Windows-only provider, allowing access to local cert stores
Get-PSProvider -PSProvider Certificate
# Again, the default cmdlets apply
# List all certificate stores
Get-ChildItem -Path Cert:\CurrentUser
# List all certificates of the user's personal store
Get-ChildItem -Path Cert:\CurrentUser\my
- The extended parameters of the Get-ChildItem cmdlet help to apply additional filters:
# The parameters offered by the Certificate provider are very interesting
# On Windows PowerShell, additional parameters like -EKU and -SslServerAuthentication are also available
Get-ChildItem -Path Cert:\CurrentUser\my -CodeSigningCert
- With PowerShell Core, not all additional parameters of Get-ChildItem that you might know from Windows PowerShell can be used. Where-Object is still your friend:
$certificate = Get-ChildItem -Path Cert:\CurrentUser\my | Select-Object -First 1
# Filter on the OIDs. If the OID can't be resolved, use the numeric object ID instead of the friendly name!
# The OID is more reliable and not subject to localization
$certificate.EnhancedKeyUsageList
# For example, searching for all client authentication certificates
Get-ChildItem -Path Cert:\CurrentUser\my | Where-Object -FilterScript {$_.EnhancedKeyUsageList.ObjectId -eq '1.3.6.1.5.5.7.3.2'}
# Also important: filter on certificates where the private key is accessible, e.g. to digitally sign documents
Get-ChildItem -Path Cert:\CurrentUser\my |
    Where-Object -Property HasPrivateKey |
    Format-Table -Property Subject,Thumbprint,@{Label='EKU'; Expression = {$_.EnhancedKeyUsageList.FriendlyName -join ','}}
$certificate.HasPrivateKey
- Not all Item cmdlets are implemented for the certificate provider:
# While New and Set cmdlets aren't implemented for certificates, Remove can be used for some spring cleaning
Get-ChildItem -Path Cert:\CurrentUser\my |
    Where-Object -Property NotAfter -lt $([datetime]::Today) |
    Remove-Item -WhatIf
- But you can still create new certificate stores:
# New-Item can be used for new stores - but this is rarely done
New-Item -Path Cert:\LocalMachine\NewStore
Remove-Item -Path Cert:\LocalMachine\NewStore
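The filters from the steps above (EKU object ID, HasPrivateKey, NotAfter) can be combined into one read-only inventory to review before any Remove-Item call. This is an added example, not code from the book; the function name Get-CertificateInventory and its parameters, including the 30-day WarningDays default, are hypothetical.

```powershell
# Added example: read-only inventory of a certificate store (Windows only).
function Get-CertificateInventory {
    [CmdletBinding()]
    param(
        # Store to inspect; defaults to the personal store used in this recipe
        [string] $Path = 'Cert:\CurrentUser\My',
        # Hypothetical threshold: flag certificates expiring within this many days
        [int] $WarningDays = 30,
        # Optional EKU object ID to filter on, e.g. 1.3.6.1.5.5.7.3.2 (client authentication)
        [string] $EkuObjectId
    )

    $now = Get-Date
    # Keep certificates only, in case the path points at a location instead of a store
    $certificates = Get-ChildItem -Path $Path |
        Where-Object -FilterScript { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }

    if ($EkuObjectId) {
        # Compare against the numeric OIDs, which are not subject to localization
        $certificates = $certificates |
            Where-Object -FilterScript { $_.EnhancedKeyUsageList.ObjectId -contains $EkuObjectId }
    }

    foreach ($certificate in $certificates) {
        $state = if ($certificate.NotAfter -lt $now) { 'Expired' }
            elseif ($certificate.NotBefore -gt $now) { 'NotYetValid' }
            elseif ($certificate.NotAfter -lt $now.AddDays($WarningDays)) { 'ExpiringSoon' }
            else { 'Valid' }

        # One flat object per certificate, suitable for Format-Table or Export-Csv
        [pscustomobject]@{
            Subject       = $certificate.Subject
            Thumbprint    = $certificate.Thumbprint
            NotAfter      = $certificate.NotAfter
            State         = $state
            HasPrivateKey = $certificate.HasPrivateKey
            EkuObjectIds  = $certificate.EnhancedKeyUsageList.ObjectId -join ','
        }
    }
}

# Review the whole store first, oldest expiry date on top
Get-CertificateInventory | Sort-Object -Property NotAfter | Format-Table -AutoSize
# Expired client authentication certificates that still have a private key attached
Get-CertificateInventory -EkuObjectId '1.3.6.1.5.5.7.3.2' |
    Where-Object -FilterScript { $_.State -eq 'Expired' -and $_.HasPrivateKey }
```

The function never modifies the store; the thumbprints it returns identify the certificates to clean up afterwards.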