
使用PowerShell 遍历证书信息,查找对应证书


发表于 2018-9-2 07:19:36 | 显示全部楼层 |阅读模式
#Get-Pfxdata is only supported by PowerShell 4.0 or Higher
# Searches a folder tree for .cer / .pfx files and reports every certificate
# whose thumbprint equals the one supplied by the caller.
[cmdletbinding()]

param(
  # Thumbprint to look for; it is compared with -eq against each certificate's Thumbprint.
  [parameter(Mandatory = $true, Position = 0)]
  [string]$Thumbprint,
  # Root folder; it is searched recursively for *.cer and *.pfx files.
  [parameter(Mandatory = $true, Position = 1)]
  [string]$FolderPath,
  # Optional plain-text PFX password; the script converts it with
  # ConvertTo-SecureString -AsPlainText. When omitted, the "***" placeholder is used.
  # NOTE(review): the parameter is untyped plain text, so a value typed on the
  # command line may end up in console history or transcripts - confirm this is
  # acceptable where the script runs.
  [parameter(Mandatory = $false, Position = 2)]
  $Password

)
  

  
# Get-PfxData needs PowerShell 4.0 or later, so stop early on older hosts.
$HostMajorVersion = $PSVersionTable.PSVersion.Major
if (-not ($HostMajorVersion -ge 4)) {
  Write-Warning "You need run the script on PowerShell 4.0 or Higher"
  exit
}
  

  

  
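# Working state:
#   $ShortCertPath - candidate files, relative to $FolderPath
#   $CertPath      - the same files with $FolderPath prepended
#   $OutputCerts   - report objects for certificates that match $Thumbprint
[string[]]$CertPath = $null
[string[]]$ShortCertPath = $null
[pscustomobject[]]$OutputCerts = $null

#====================================================================

# -File keeps directories whose names happen to end in .cer/.pfx out of the
# candidate list, so they are never handed to the certificate cmdlets.
# -Force also picks up hidden files.
$ShortCertPath = Get-ChildItem -Path $FolderPath -Recurse -Force -File -Include *.cer, *.pfx -Name

# Original author's note: using FullName would achieve this directly.
# The array is built in one assignment instead of growing it with += per file.
$CertPath = foreach ($scp in $ShortCertPath) {
  Join-Path $FolderPath $scp
}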
  

  
#====================================================================
  
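# The password is an optional parameter. When it is omitted, the default below is
# used; if all PFX files share one password it can be filled in at the "***" spot.
# NOTE(review): a real password written into the script is readable by anyone who
# can read the file - prefer passing it at run time.
if ($Password -is [System.Security.SecureString])
{
  # Already a SecureString (e.g. from Read-Host -AsSecureString): use it as is.
  # Sending it through ConvertTo-SecureString -AsPlainText would encode the
  # type name instead of the real password.
}
elseif ($Password)
{
  $Password = ConvertTo-SecureString -AsPlainText $Password -Force
}
else
{
  $Password = ConvertTo-SecureString -AsPlainText "***" -Force
}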
  
#====================================================================
  

  
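# Certificate properties copied, in this order, onto every report object.
# NOTE(review): PrivateKey is part of the report; for a PFX with a usable key the
# output then references private-key material, so avoid sending the report to
# logs or shared files.
$ReportPropertyNames = @(
  'EnhancedKeyUsageList', 'DnsNameList', 'SendAsTrustedIssuer', 'EnrollmentPolicyEndPoint',
  'EnrollmentServerEndPoint', 'PolicyId', 'Archived', 'Extensions', 'FriendlyName',
  'IssuerName', 'NotAfter', 'NotBefore', 'HasPrivateKey', 'PrivateKey', 'PublicKey',
  'RawData', 'SerialNumber', 'SubjectName', 'SignatureAlgorithm', 'Thumbprint',
  'Version', 'Handle', 'Issuer', 'Subject'
)

# For every candidate file: load its certificate(s), keep the ones whose
# thumbprint equals $Thumbprint, and append a report object to $OutputCerts.
foreach ($cp in $CertPath) {
  # Certificates loaded from the current file only.
  $Candidates = @()

  # Get-ChildItem -Include matches case-insensitively, so the extension test must
  # too; otherwise "X.PFX" would be reported as "not a valid cert".
  if ($cp.EndsWith(".pfx", [System.StringComparison]::OrdinalIgnoreCase))
  {
    # Reset per file: without this, a failed load would leave the previous file's
    # certificate in $PfxCert and it would be reported against this path.
    $PfxCert = $null
    try
    {
      # -ErrorAction Stop guarantees a failed load reaches the catch block.
      $PfxCert = Get-PfxData -FilePath $cp -Password $Password -ErrorAction Stop
    }
    catch
    {
      # Fallback: a pwd.txt next to the PFX may hold that file's password.
      # NOTE(review): a plain-text password stored beside the PFX gives anyone who
      # can read the folder access to the private key.
      $pwdtxt = Join-Path (Split-Path -Path $cp -Parent) "pwd.txt"
      $OtherPasswordtxt = $null
      if (Test-Path -LiteralPath $pwdtxt -PathType Leaf)
      {
        # Only the first line is the password. The earlier length test mistook the
        # character count of a one-line file for a line count and cut passwords
        # shorter than five characters down to their first character.
        $OtherPasswordtxt = Get-Content -LiteralPath $pwdtxt -TotalCount 1
      }

      if ([string]::IsNullOrEmpty($OtherPasswordtxt))
      {
        Write-Warning "Didn't find the password for $cp, so pls check the thumbprint manually"
      }
      else
      {
        $OtherPassword = ConvertTo-SecureString -AsPlainText $OtherPasswordtxt -Force
        try
        {
          $PfxCert = Get-PfxData -FilePath $cp -Password $OtherPassword -ErrorAction Stop
        }
        catch
        {
          # Write-Warning accepts a single message, so the timestamp and the text
          # are joined into one string.
          $ErrorMessage = $cp + $_.Exception.Message
          Write-Warning "$(Get-Date -uFormat %Y%m%d-%H:%M:%S) $ErrorMessage"
        }
      }
    }

    if ($null -ne $PfxCert)
    {
      $Candidates = @($PfxCert.EndEntityCertificates)
    }
  }
  elseif ($cp.EndsWith(".cer", [System.StringComparison]::OrdinalIgnoreCase))
  {
    $Candidates = @(Get-PfxCertificate -FilePath $cp)
  }
  else
  {
    Write-Host  "$cp is not a valid cert" -ForegroundColor 'Red'
  }

  # One report object per matching certificate, so a PFX holding several
  # end-entity certificates reports only the one that matches.
  foreach ($Cert in $Candidates)
  {
    if (($null -ne $Cert) -and ($Cert.Thumbprint -eq $Thumbprint))
    {
      $CertObject = New-Object -TypeName psobject
      foreach ($PropertyName in $ReportPropertyNames)
      {
        $CertObject | Add-Member -MemberType NoteProperty -Name $PropertyName -Value $Cert.$PropertyName
      }
      $CertObject | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $cp
      $OutputCerts += $CertObject
    }
  }
}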
  
#====================================================================
  
# Summary: print how many certificates matched, then each report object
# followed by a separator line.
if ($null -eq $OutputCerts)
{
  Write-Host "There is no cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
}
else
{
  $MatchCount = $OutputCerts.count
  if ($MatchCount -eq 1)
  {
    Write-Host "There is one cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
  }
  else
  {
    Write-Host "There are $MatchCount certs with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
  }

  $Position = 0
  foreach ($Entry in $OutputCerts)
  {
    $Position++
    Write-Host "NO:$Position"
    # Emitting the object sends it to the output stream, where the host formats it.
    $Entry
    Write-Host "================================================================================================="
  }
}


