使用PowerShell 遍历证书信息，查找对应证书

087988

今天再来更新一篇博客，同样也是关于PowerShell的应用，熟练使用PowerShell对于平时的工作很多时候能够起到意想不到的效果，很多事情换个思路往往会发现能够少走很多弯路，今天介绍的其实主要是PowerShell在证书方面的一些简单应用，对应的也是平时工作中用到的一个场景，在我们的生产环境中有很多很多张证书，有一些自签名的，也有很多从第三方公司申请的公网证书，这些证书平时我们都备份在一个公共的文件夹中，以备不时之需，久而久之，文件夹里存放的证书就已经不下百张了，而且各种文件夹穿插着放一下让整个文件夹的结构变得更加复杂。平时想把证书找出来要花不少时间，还要查看证书的属性一一验证。因此前段时间写了这个PowerShell的脚本来方便查询，这个脚本可以根据输入的文件夹路径以及证书的指纹信息，便利文件夹下所有证书的属性，来查询特定指纹的证书的详细信息以及路径，脚本内容如下

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192

#Get-Pfxdata is only supported by PowerShell 4.0 or Higher [cmdletbinding()] param(     [parameter(Mandatory = $true, Position = 0)]     [string]$Thumbprint,     [parameter(Mandatory = $true, Position = 1)]     [string]$FolderPath,     [parameter(Mandatory = $false, Position = 2)]     $Password ) if ($PSVersionTable.PSVersion.Major -lt 4) {           Write-Warning "You need run the script on PowerShell 4.0 or Higher"     exit } [string[]]$CertPath = $null [string[]]$ShortCertPath = $null [pscustomobject[]]$OutputCerts = $null #==================================================================== $ShortCertPath = Get-ChildItem -Path $FolderPath -Recurse -Force -Include *.cer, *.pfx -Name #其实用FUllName就可以直接实现了 foreach ($scp in $ShortCertPath) {     $CertPath+=Join-Path $FolderPath $scp } #==================================================================== #密码是个可选参数，这里设置了默认密码的值，如果有统一密码可以在脚本里***那个位置将密码填上 if ($Password) {     $Password = ConvertTo-SecureString -AsPlainText $Password -Force } else {     $Password = ConvertTo-SecureString -AsPlainText "***" -Force } #==================================================================== foreach ($cp in $CertPath) {     if ($cp.EndsWith(".pfx"))     {         try         {             $Error.clear()             $PfxCert = Get-PfxData -FilePath $cp -Password $Password         }         catch         {             #$ErrorMessage = $cp+$Error[0].Exception.Message             #Write-Host -ForegroundColor 'Red' "$(Get-Date -uFormat %Y%m%d-%H:%M:%S)" $ErrorMessage             $pwdtxt = Join-Path (Get-ChildItem $cp).Directory.FullName "pwd.txt"             if (Test-Path $pwdtxt)             {                 $OtherPasswordtxt = Get-Content $pwdtxt                 if($OtherPasswordtxt.Length -lt 5)                 {                     $OtherPassword = ConvertTo-SecureString -AsPlainText $OtherPasswordtxt[0] -Force                 }                 else                 {                 $OtherPassword = ConvertTo-SecureString -AsPlainText $OtherPasswordtxt -Force                 }                 try                 {                     $Error.clear()                     $PfxCert = Get-PfxData -FilePath $cp -Password $OtherPassword                 }                 catch                 {                     $ErrorMessage = $cp+$Error[0].Exception.Message                     Write-Warning "$(Get-Date -uFormat %Y%m%d-%H:%M:%S)" $ErrorMessage                                       }             }             else             {                 Write-Warning "Didn't find the password for $cp, so pls check the thumbprint manually"                 #Write-Warning "The password for $cp is not correct, so pls check the thumbprint manually"             }                      }                   $PfxThumbprint = $PfxCert.EndEntityCertificates.Thumbprint         if ($PfxThumbprint -eq $Thumbprint)         {             $PfxObject = $null             $PfxObject = New-Object -TypeName psobject             $PfxObject | Add-Member -MemberType NoteProperty -Name EnhancedKeyUsageList -Value $PfxCert.EndEntityCertificates.EnhancedKeyUsageList             $PfxObject | Add-Member -MemberType NoteProperty -Name DnsNameList -Value $PfxCert.EndEntityCertificates.DnsNameList             $PfxObject | Add-Member -MemberType NoteProperty -Name SendAsTrustedIssuer -Value $PfxCert.EndEntityCertificates.SendAsTrustedIssuer             $PfxObject | Add-Member -MemberType NoteProperty -Name EnrollmentPolicyEndPoint -Value $PfxCert.EndEntityCertificates.EnrollmentPolicyEndPoint             $PfxObject | Add-Member -MemberType NoteProperty -Name EnrollmentServerEndPoint -Value $PfxCert.EndEntityCertificates.EnrollmentServerEndPoint             $PfxObject | Add-Member -MemberType NoteProperty -Name PolicyId -Value $PfxCert.EndEntityCertificates.PolicyId             $PfxObject | Add-Member -MemberType NoteProperty -Name Archived -Value $PfxCert.EndEntityCertificates.Archived             $PfxObject | Add-Member -MemberType NoteProperty -Name Extensions -Value $PfxCert.EndEntityCertificates.Extensions             $PfxObject | Add-Member -MemberType NoteProperty -Name FriendlyName -Value $PfxCert.EndEntityCertificates.FriendlyName             $PfxObject | Add-Member -MemberType NoteProperty -Name IssuerName -Value $PfxCert.EndEntityCertificates.IssuerName             $PfxObject | Add-Member -MemberType NoteProperty -Name NotAfter -Value $PfxCert.EndEntityCertificates.NotAfter             $PfxObject | Add-Member -MemberType NoteProperty -Name NotBefore -Value $PfxCert.EndEntityCertificates.NotBefore             $PfxObject | Add-Member -MemberType NoteProperty -Name HasPrivateKey -Value $PfxCert.EndEntityCertificates.HasPrivateKey             $PfxObject | Add-Member -MemberType NoteProperty -Name PrivateKey -Value $PfxCert.EndEntityCertificates.PrivateKey             $PfxObject | Add-Member -MemberType NoteProperty -Name PublicKey -Value $PfxCert.EndEntityCertificates.PublicKey             $PfxObject | Add-Member -MemberType NoteProperty -Name RawData -Value $PfxCert.EndEntityCertificates.RawData             $PfxObject | Add-Member -MemberType NoteProperty -Name SerialNumber -Value $PfxCert.EndEntityCertificates.SerialNumber             $PfxObject | Add-Member -MemberType NoteProperty -Name SubjectName -Value $PfxCert.EndEntityCertificates.SubjectName             $PfxObject | Add-Member -MemberType NoteProperty -Name SignatureAlgorithm -Value $PfxCert.EndEntityCertificates.SignatureAlgorithm             $PfxObject | Add-Member -MemberType NoteProperty -Name Thumbprint -Value $PfxCert.EndEntityCertificates.Thumbprint             $PfxObject | Add-Member -MemberType NoteProperty -Name Version -Value $PfxCert.EndEntityCertificates.Version             $PfxObject | Add-Member -MemberType NoteProperty -Name Handle -Value $PfxCert.EndEntityCertificates.Handle             $PfxObject | Add-Member -MemberType NoteProperty -Name Issuer -Value $PfxCert.EndEntityCertificates.Issuer             $PfxObject | Add-Member -MemberType NoteProperty -Name Subject -Value $PfxCert.EndEntityCertificates.Subject             $PfxObject | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $cp             $OutputCerts += $PfxObject         }               }     elseif ($cp.EndsWith(".cer"))     {         $CerCert = Get-PfxCertificate -FilePath $cp         $CerThumbprint = $CerCert.Thumbprint         if ($CerThumbprint -eq $Thumbprint)         {             $CerObject = $null             $CerObject = New-Object -TypeName psobject             $CerObject | Add-Member -MemberType NoteProperty -Name EnhancedKeyUsageList -Value $CerCert.EnhancedKeyUsageList             $CerObject | Add-Member -MemberType NoteProperty -Name DnsNameList -Value $CerCert.DnsNameList             $CerObject | Add-Member -MemberType NoteProperty -Name SendAsTrustedIssuer -Value $CerCert.SendAsTrustedIssuer             $CerObject | Add-Member -MemberType NoteProperty -Name EnrollmentPolicyEndPoint -Value $CerCert.EnrollmentPolicyEndPoint             $CerObject | Add-Member -MemberType NoteProperty -Name EnrollmentServerEndPoint -Value $CerCert.EnrollmentServerEndPoint             $CerObject | Add-Member -MemberType NoteProperty -Name PolicyId -Value $CerCert.PolicyId             $CerObject | Add-Member -MemberType NoteProperty -Name Archived -Value $CerCert.Archived             $CerObject | Add-Member -MemberType NoteProperty -Name Extensions -Value $CerCert.Extensions             $CerObject | Add-Member -MemberType NoteProperty -Name FriendlyName -Value $CerCert.FriendlyName             $CerObject | Add-Member -MemberType NoteProperty -Name IssuerName -Value $CerCert.IssuerName             $CerObject | Add-Member -MemberType NoteProperty -Name NotAfter -Value $CerCert.NotAfter             $CerObject | Add-Member -MemberType NoteProperty -Name NotBefore -Value $CerCert.NotBefore             $CerObject | Add-Member -MemberType NoteProperty -Name HasPrivateKey -Value $CerCert.HasPrivateKey             $CerObject | Add-Member -MemberType NoteProperty -Name PrivateKey -Value $CerCert.PrivateKey             $CerObject | Add-Member -MemberType NoteProperty -Name PublicKey -Value $CerCert.PublicKey             $CerObject | Add-Member -MemberType NoteProperty -Name RawData -Value $CerCert.RawData             $CerObject | Add-Member -MemberType NoteProperty -Name SerialNumber -Value $CerCert.SerialNumber             $CerObject | Add-Member -MemberType NoteProperty -Name SubjectName -Value $CerCert.SubjectName             $CerObject | Add-Member -MemberType NoteProperty -Name SignatureAlgorithm -Value $CerCert.SignatureAlgorithm             $CerObject | Add-Member -MemberType NoteProperty -Name Thumbprint -Value $CerCert.Thumbprint             $CerObject | Add-Member -MemberType NoteProperty -Name Version -Value $CerCert.Version             $CerObject | Add-Member -MemberType NoteProperty -Name Handle -Value $CerCert.Handle             $CerObject | Add-Member -MemberType NoteProperty -Name Issuer -Value $CerCert.Issuer             $CerObject | Add-Member -MemberType NoteProperty -Name Subject -Value $CerCert.Subject             $CerObject | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $cp             $OutputCerts += $CerObject         }     }     else     {         Write-Host  "$cp is not a valid cert" -ForegroundColor 'Red'     } } #==================================================================== if ($OutputCerts -ne $null) {     if ($OutputCerts.count -eq 1)     {         Write-Host "There is one cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'               }     else     {         $cc=$OutputCerts.count         Write-Host "There are $cc certs with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'               }                       for ($i = 0; $i -lt $OutputCerts.count;$i++)     {         Write-Host "NO:$($i+1)"         $OutputCerts[$i]         Write-Host "================================================================================================="     }       } else {           Write-Host "There is no cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'       }

总体来说脚本很简单，实现的功能也不复杂，主要是来看一下PowerShell在证书这方面的一些基本应用，有需要的话可以将各种语句自由组合在一起，实现想要的功能