使用PowerShell 遍歷證書信息,查找對應證書
今天再來更新一篇博客,一樣也是關於PowerShell的應用,熟練使用PowerShell對於平時的工做不少時候可以起到意想不到的效果,不少事情換個思路每每會發現可以少走不少彎路,今天介紹的其實主要是PowerShell在證書方面的一些簡單應用,對應的也是平時工做中用到的一個場景,在咱們的生產環境中有不少不少張證書,有一些自簽名的,也有不少從第三方公司申請的公網證書,這些證書平時咱們都備份在一個公共的文件夾中,以備不時之需,長此以往,文件夾裏存放的證書就已經不下百張了,並且各類文件夾穿插着放一下讓整個文件夾的結構變得更加複雜。平時想把證書找出來要花很多時間,還要查看證書的屬性一一驗證。所以前段時間寫了這個PowerShell的腳原本方便查詢,這個腳本能夠根據輸入的文件夾路徑以及證書的指紋信息,便利文件夾下全部證書的屬性,來查詢特定指紋的證書的詳細信息以及路徑,腳本內容以下
ide
#Get-Pfxdata is only supported by PowerShell 4.0 or Higher
[cmdletbinding()]
param(
[parameter(Mandatory = $true, Position = 0)]
[string]$Thumbprint,
[parameter(Mandatory = $true, Position = 1)]
[string]$FolderPath,
[parameter(Mandatory = $false, Position = 2)]
$Password
)
if ($PSVersionTable.PSVersion.Major -lt 4)
{
Write-Warning "You need run the script on PowerShell 4.0 or Higher"
exit
}
[string[]]$CertPath = $null
[string[]]$ShortCertPath = $null
[pscustomobject[]]$OutputCerts = $null
#====================================================================
$ShortCertPath = Get-ChildItem -Path $FolderPath -Recurse -Force -Include *.cer, *.pfx -Name
#其實用FUllName就能夠直接實現了
foreach ($scp in $ShortCertPath) {
$CertPath+=Join-Path $FolderPath $scp
}
#====================================================================
#密碼是個可選參數,這裏設置了默認密碼的值,若是有統一密碼能夠在腳本里***那個位置將密碼填上
if ($Password)
{
$Password = ConvertTo-SecureString -AsPlainText $Password -Force
}
else
{
$Password = ConvertTo-SecureString -AsPlainText "***" -Force
}
#====================================================================
foreach ($cp in $CertPath) {
if ($cp.EndsWith(".pfx"))
{
try
{
$Error.clear()
$PfxCert = Get-PfxData -FilePath $cp -Password $Password
}
catch
{
#$ErrorMessage = $cp+$Error[0].Exception.Message
#Write-Host -ForegroundColor 'Red' "$(Get-Date -uFormat %Y%m%d-%H:%M:%S)" $ErrorMessage
$pwdtxt = Join-Path (Get-ChildItem $cp).Directory.FullName "pwd.txt"
if (Test-Path $pwdtxt)
{
$OtherPasswordtxt = Get-Content $pwdtxt
if($OtherPasswordtxt.Length -lt 5)
{
$OtherPassword = ConvertTo-SecureString -AsPlainText $OtherPasswordtxt[0] -Force
}
else
{
$OtherPassword = ConvertTo-SecureString -AsPlainText $OtherPasswordtxt -Force
}
try
{
$Error.clear()
$PfxCert = Get-PfxData -FilePath $cp -Password $OtherPassword
}
catch
{
$ErrorMessage = $cp+$Error[0].Exception.Message
Write-Warning "$(Get-Date -uFormat %Y%m%d-%H:%M:%S)" $ErrorMessage
}
}
else
{
Write-Warning "Didn't find the password for $cp, so pls check the thumbprint manually"
#Write-Warning "The password for $cp is not correct, so pls check the thumbprint manually"
}
}
$PfxThumbprint = $PfxCert.EndEntityCertificates.Thumbprint
if ($PfxThumbprint -eq $Thumbprint)
{
$PfxObject = $null
$PfxObject = New-Object -TypeName psobject
$PfxObject | Add-Member -MemberType NoteProperty -Name EnhancedKeyUsageList -Value $PfxCert.EndEntityCertificates.EnhancedKeyUsageList
$PfxObject | Add-Member -MemberType NoteProperty -Name DnsNameList -Value $PfxCert.EndEntityCertificates.DnsNameList
$PfxObject | Add-Member -MemberType NoteProperty -Name SendAsTrustedIssuer -Value $PfxCert.EndEntityCertificates.SendAsTrustedIssuer
$PfxObject | Add-Member -MemberType NoteProperty -Name EnrollmentPolicyEndPoint -Value $PfxCert.EndEntityCertificates.EnrollmentPolicyEndPoint
$PfxObject | Add-Member -MemberType NoteProperty -Name EnrollmentServerEndPoint -Value $PfxCert.EndEntityCertificates.EnrollmentServerEndPoint
$PfxObject | Add-Member -MemberType NoteProperty -Name PolicyId -Value $PfxCert.EndEntityCertificates.PolicyId
$PfxObject | Add-Member -MemberType NoteProperty -Name Archived -Value $PfxCert.EndEntityCertificates.Archived
$PfxObject | Add-Member -MemberType NoteProperty -Name Extensions -Value $PfxCert.EndEntityCertificates.Extensions
$PfxObject | Add-Member -MemberType NoteProperty -Name FriendlyName -Value $PfxCert.EndEntityCertificates.FriendlyName
$PfxObject | Add-Member -MemberType NoteProperty -Name IssuerName -Value $PfxCert.EndEntityCertificates.IssuerName
$PfxObject | Add-Member -MemberType NoteProperty -Name NotAfter -Value $PfxCert.EndEntityCertificates.NotAfter
$PfxObject | Add-Member -MemberType NoteProperty -Name NotBefore -Value $PfxCert.EndEntityCertificates.NotBefore
$PfxObject | Add-Member -MemberType NoteProperty -Name HasPrivateKey -Value $PfxCert.EndEntityCertificates.HasPrivateKey
$PfxObject | Add-Member -MemberType NoteProperty -Name PrivateKey -Value $PfxCert.EndEntityCertificates.PrivateKey
$PfxObject | Add-Member -MemberType NoteProperty -Name PublicKey -Value $PfxCert.EndEntityCertificates.PublicKey
$PfxObject | Add-Member -MemberType NoteProperty -Name RawData -Value $PfxCert.EndEntityCertificates.RawData
$PfxObject | Add-Member -MemberType NoteProperty -Name SerialNumber -Value $PfxCert.EndEntityCertificates.SerialNumber
$PfxObject | Add-Member -MemberType NoteProperty -Name SubjectName -Value $PfxCert.EndEntityCertificates.SubjectName
$PfxObject | Add-Member -MemberType NoteProperty -Name SignatureAlgorithm -Value $PfxCert.EndEntityCertificates.SignatureAlgorithm
$PfxObject | Add-Member -MemberType NoteProperty -Name Thumbprint -Value $PfxCert.EndEntityCertificates.Thumbprint
$PfxObject | Add-Member -MemberType NoteProperty -Name Version -Value $PfxCert.EndEntityCertificates.Version
$PfxObject | Add-Member -MemberType NoteProperty -Name Handle -Value $PfxCert.EndEntityCertificates.Handle
$PfxObject | Add-Member -MemberType NoteProperty -Name Issuer -Value $PfxCert.EndEntityCertificates.Issuer
$PfxObject | Add-Member -MemberType NoteProperty -Name Subject -Value $PfxCert.EndEntityCertificates.Subject
$PfxObject | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $cp
$OutputCerts += $PfxObject
}
}
elseif ($cp.EndsWith(".cer"))
{
$CerCert = Get-PfxCertificate -FilePath $cp
$CerThumbprint = $CerCert.Thumbprint
if ($CerThumbprint -eq $Thumbprint)
{
$CerObject = $null
$CerObject = New-Object -TypeName psobject
$CerObject | Add-Member -MemberType NoteProperty -Name EnhancedKeyUsageList -Value $CerCert.EnhancedKeyUsageList
$CerObject | Add-Member -MemberType NoteProperty -Name DnsNameList -Value $CerCert.DnsNameList
$CerObject | Add-Member -MemberType NoteProperty -Name SendAsTrustedIssuer -Value $CerCert.SendAsTrustedIssuer
$CerObject | Add-Member -MemberType NoteProperty -Name EnrollmentPolicyEndPoint -Value $CerCert.EnrollmentPolicyEndPoint
$CerObject | Add-Member -MemberType NoteProperty -Name EnrollmentServerEndPoint -Value $CerCert.EnrollmentServerEndPoint
$CerObject | Add-Member -MemberType NoteProperty -Name PolicyId -Value $CerCert.PolicyId
$CerObject | Add-Member -MemberType NoteProperty -Name Archived -Value $CerCert.Archived
$CerObject | Add-Member -MemberType NoteProperty -Name Extensions -Value $CerCert.Extensions
$CerObject | Add-Member -MemberType NoteProperty -Name FriendlyName -Value $CerCert.FriendlyName
$CerObject | Add-Member -MemberType NoteProperty -Name IssuerName -Value $CerCert.IssuerName
$CerObject | Add-Member -MemberType NoteProperty -Name NotAfter -Value $CerCert.NotAfter
$CerObject | Add-Member -MemberType NoteProperty -Name NotBefore -Value $CerCert.NotBefore
$CerObject | Add-Member -MemberType NoteProperty -Name HasPrivateKey -Value $CerCert.HasPrivateKey
$CerObject | Add-Member -MemberType NoteProperty -Name PrivateKey -Value $CerCert.PrivateKey
$CerObject | Add-Member -MemberType NoteProperty -Name PublicKey -Value $CerCert.PublicKey
$CerObject | Add-Member -MemberType NoteProperty -Name RawData -Value $CerCert.RawData
$CerObject | Add-Member -MemberType NoteProperty -Name SerialNumber -Value $CerCert.SerialNumber
$CerObject | Add-Member -MemberType NoteProperty -Name SubjectName -Value $CerCert.SubjectName
$CerObject | Add-Member -MemberType NoteProperty -Name SignatureAlgorithm -Value $CerCert.SignatureAlgorithm
$CerObject | Add-Member -MemberType NoteProperty -Name Thumbprint -Value $CerCert.Thumbprint
$CerObject | Add-Member -MemberType NoteProperty -Name Version -Value $CerCert.Version
$CerObject | Add-Member -MemberType NoteProperty -Name Handle -Value $CerCert.Handle
$CerObject | Add-Member -MemberType NoteProperty -Name Issuer -Value $CerCert.Issuer
$CerObject | Add-Member -MemberType NoteProperty -Name Subject -Value $CerCert.Subject
$CerObject | Add-Member -MemberType NoteProperty -Name CertFilePath -Value $cp
$OutputCerts += $CerObject
}
}
else
{
Write-Host "$cp is not a valid cert" -ForegroundColor 'Red'
}
}
#====================================================================
if ($OutputCerts -ne $null)
{
if ($OutputCerts.count -eq 1)
{
Write-Host "There is one cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
}
else
{
$cc=$OutputCerts.count
Write-Host "There are $cc certs with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
}
for ($i = 0; $i -lt $OutputCerts.count;$i++)
{
Write-Host "NO:$($i+1)"
$OutputCerts[$i]
Write-Host "================================================================================================="
}
}
else
{
Write-Host "There is no cert with thumbprint $Thumbprint under Folder $FolderPath" -ForegroundColor 'Cyan'
}
整體來講腳本很簡單,實現的功能也不復雜,主要是來看一下PowerShell在證書這方面的一些基本應用,有須要的話能夠將各類語句自由組合在一塊兒,實現想要的功能orm
相關文章
- 1. openssl生成x509根證書,查看證書信息,簽發證書
- 2. PHP查看SSL證書信息
- 3. 查看https 安全證書信息
- 4. 證書信息的監聽
- 5. powershell 更新 IIS SSL 證書
- 6. openssh使用證書驗證
- 7. libcurl使用認證證書 https認證
- 8. HTTPS 信任證書
- 9. jdk信任證書
- 10. 證書鏈-證書校驗
- 更多相關文章...
- • SVN 查看歷史信息 - SVN 教程
- • Eclipse 添加書籤 - Eclipse 教程
- • C# 中 foreach 遍歷的用法
- • 算法總結-二分查找法
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. openssl生成x509根證書,查看證書信息,簽發證書
- 2. PHP查看SSL證書信息
- 3. 查看https 安全證書信息
- 4. 證書信息的監聽
- 5. powershell 更新 IIS SSL 證書
- 6. openssh使用證書驗證
- 7. libcurl使用認證證書 https認證
- 8. HTTPS 信任證書
- 9. jdk信任證書
- 10. 證書鏈-證書校驗