# Get-PfxData is only supported by PowerShell 4.0 or higher
# Script parameters. The script searches $FolderPath for *.cer / *.pfx files and
# reports every certificate whose thumbprint equals $Thumbprint.
[cmdletbinding()]
param(
# Thumbprint to look for; compared with -eq against each certificate's Thumbprint.
[parameter(Mandatory = $true, Position = 0)]
[string]$Thumbprint,
# Root folder that is searched recursively (hidden items included) for *.cer and *.pfx files.
[parameter(Mandatory = $true, Position = 1)]
[string]$FolderPath,
# Optional PFX password. The parameter is untyped; a plain-text value is converted
# with ConvertTo-SecureString -AsPlainText further down, and a placeholder default
# is used when it is omitted.
# NOTE(review): a password typed as a plain-text argument can end up in console
# history, transcripts or command-line logging - confirm that is acceptable here.
[parameter(Mandatory = $false, Position = 2)]
$Password
)
# Stop early on hosts older than PowerShell 4.0: the script relies on Get-PfxData.
$hostMajorVersion = $PSVersionTable.PSVersion.Major
if (-not ($hostMajorVersion -ge 4))
{
    Write-Warning "You need run the script on PowerShell 4.0 or Higher"
    exit
}
# Accumulators used by the rest of the script; each is initialised to $null.
[string[]]$CertPath = $null
[string[]]$ShortCertPath = $null
[pscustomobject[]]$OutputCerts = $null
#====================================================================
# List every *.cer / *.pfx item below $FolderPath (hidden items included) by name,
# then prefix each name with $FolderPath to get a usable path.
# Original author's note: using FullName would achieve this directly.
$certSearch = @{
    Path    = $FolderPath
    Recurse = $true
    Force   = $true
    Include = '*.cer', '*.pfx'
    Name    = $true
}
$ShortCertPath = Get-ChildItem @certSearch
foreach ($relativeCertPath in $ShortCertPath) {
    $CertPath = $CertPath + (Join-Path $FolderPath $relativeCertPath)
}
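#====================================================================
# Normalise $Password to a SecureString for Get-PfxData.
# The password is optional. When it is omitted, the "***" literal below is used as
# the default; the original author intended a shared password to be filled in there.
# NOTE(review): replacing "***" with a real password stores it in clear text in the
# script file and in every copy or backup of it. Prefer passing a SecureString
# (for example from Read-Host -AsSecureString) as -Password instead.
if ($Password -isnot [System.Security.SecureString])
{
    if ($Password)
    {
        $Password = ConvertTo-SecureString -AsPlainText $Password -Force
    }
    else
    {
        $Password = ConvertTo-SecureString -AsPlainText "***" -Force
    }
}
# A SecureString supplied by the caller is used unchanged. Converting it again would
# protect its type name ("System.Security.SecureString") rather than the password.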
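#====================================================================
# Builds the result object for one matching certificate.
#   $Certificate  - object to copy the properties from: the result of
#                   Get-PfxCertificate, or the EndEntityCertificates of Get-PfxData.
#   $CertFilePath - path of the file the certificate was read from.
# Returns a psobject with one NoteProperty per copied property plus CertFilePath.
function New-CertReportObject
{
    param($Certificate, [string]$CertFilePath)

    # NOTE(review): PrivateKey and Handle are copied because the original output
    # contained them. Confirm that consumers need them before keeping key-related
    # objects in a report.
    $propertyNames = @(
        'EnhancedKeyUsageList', 'DnsNameList', 'SendAsTrustedIssuer',
        'EnrollmentPolicyEndPoint', 'EnrollmentServerEndPoint', 'PolicyId',
        'Archived', 'Extensions', 'FriendlyName', 'IssuerName', 'NotAfter',
        'NotBefore', 'HasPrivateKey', 'PrivateKey', 'PublicKey', 'RawData',
        'SerialNumber', 'SubjectName', 'SignatureAlgorithm', 'Thumbprint',
        'Version', 'Handle', 'Issuer', 'Subject'
    )

    $report = New-Object -TypeName psobject
    foreach ($propertyName in $propertyNames)
    {
        $report | Add-Member -MemberType NoteProperty -Name $propertyName -Value ($Certificate.$propertyName)
    }
    $report | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $CertFilePath
    $report
}

# Inspect every discovered file and collect the certificates whose thumbprint
# equals $Thumbprint into $OutputCerts.
foreach ($cp in $CertPath) {
    # -like is case-insensitive, matching how Get-ChildItem -Include selected the
    # files, so "X.PFX" is handled the same way as "x.pfx".
    if ($cp -like '*.pfx')
    {
        # Reset per file so a PFX that cannot be opened is never reported with the
        # certificate data of the previous file.
        $PfxCert = $null
        try
        {
            $PfxCert = Get-PfxData -FilePath $cp -Password $Password -ErrorAction Stop
        }
        catch
        {
            # Fall back to a pwd.txt file stored in the same folder as the PFX.
            # NOTE(review): a clear-text pwd.txt next to the PFX gives everyone who
            # can read the folder both the key container and its password. Consider
            # moving these passwords to a protected secret store.
            $pwdtxt = Join-Path (Split-Path -Path $cp -Parent) "pwd.txt"
            if (Test-Path $pwdtxt)
            {
                # Only the first line is used as the password. Reading exactly one
                # line always yields a string, whatever the file length.
                $OtherPasswordtxt = Get-Content $pwdtxt -TotalCount 1
                if ([string]::IsNullOrEmpty($OtherPasswordtxt))
                {
                    Write-Warning "Didn't find the password for $cp, so pls check the thumbprint manually"
                }
                else
                {
                    $OtherPassword = ConvertTo-SecureString -AsPlainText $OtherPasswordtxt -Force
                    try
                    {
                        $PfxCert = Get-PfxData -FilePath $cp -Password $OtherPassword -ErrorAction Stop
                    }
                    catch
                    {
                        $ErrorMessage = $cp+$_.Exception.Message
                        # Write-Warning accepts one message, so the timestamp and
                        # the text are joined into a single string.
                        Write-Warning "$(Get-Date -uFormat %Y%m%d-%H:%M:%S) $ErrorMessage"
                    }
                }
            }
            else
            {
                Write-Warning "Didn't find the password for $cp, so pls check the thumbprint manually"
            }
        }
        if ($null -ne $PfxCert)
        {
            $PfxThumbprint = $PfxCert.EndEntityCertificates.Thumbprint
            if ($PfxThumbprint -eq $Thumbprint)
            {
                $OutputCerts += New-CertReportObject -Certificate $PfxCert.EndEntityCertificates -CertFilePath $cp
            }
        }
    }
    elseif ($cp -like '*.cer')
    {
        # Reset per file for the same reason as in the PFX branch.
        $CerCert = $null
        $CerCert = Get-PfxCertificate -FilePath $cp
        if ($null -ne $CerCert)
        {
            $CerThumbprint = $CerCert.Thumbprint
            if ($CerThumbprint -eq $Thumbprint)
            {
                $OutputCerts += New-CertReportObject -Certificate $CerCert -CertFilePath $cp
            }
        }
    }
    else
    {
        Write-Host "$cp is not a valid cert" -ForegroundColor 'Red'
    }
}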
#====================================================================
# Print a summary line, then emit each matching certificate object in order.
if ($OutputCerts -ne $null)
{
    $matchCount = $OutputCerts.count
    if ($matchCount -eq 1)
    {
        Write-Host "There is one cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
    }
    else
    {
        Write-Host "There are $matchCount certs with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
    }
    $position = 0
    foreach ($matchedCert in $OutputCerts)
    {
        $position++
        Write-Host "NO:$position"
        # Written to the output stream, so callers can capture the objects.
        $matchedCert
        Write-Host "================================================================================================="
    }
}
else
{
    Write-Host "There is no cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
}