Get and Enumerate Certificate Chains Remotely Using PowerShell

Get and Enumerate Certificate Chains Remotely Using PowerShell

January 2, 2019 0 By Amir Joseph Sayes

In responding to the Certificate Trust Issue when using SSL relay with Citrix XML Service, I wrote a function that can get all the certificates in the certificate path (chain), and provide a better view of different attributes which makes reporting and comparing much easier.

The Function would use Authority Key Identifier and the Subject Key Identifier to determine the certificate path and fetch them, until reaching the Root Certificate.

How to Use

The above would search all certificates on the local machine and filter them out to find the certificate that matches the name passed (using the “Subject” property).

If more than one certificate matches, they will be looped into individually
The function will call itself recursively until the issuer and the subject are the same – which means we have reached the Root CA.

 

The above code runs the Function on remote computers using invoke-command.
Starts by creating an array of computer names which you would like to remotely run the function against.
Creates a parameter to pass the certificate you are looking for
Create a definition to the function so we can pass it to each remote invoke-command.
Loop inside the array of computers and pass the function and run it against each one of them using invoke-command.

The Script

 

References

https://splunkbase.splunk.com/app/3113/
 https://github.com/nsacyber/Certificate-Authority-Situational-Awareness