Showing posts with label certificate. Show all posts

Monday, August 9, 2021

Powershell - Extract ADFS certificates from ADFS server

Wrote this script so people only have to specify the ADFS server; it downloads the published federation metadata and extracts the signing and encryption certificates to two files stored in c:\temp.


# Just put in the ADFS server name
$AdfsServer = 'adfs.microsoft.com'

# The federation metadata is published anonymously and carries the public token-signing
# and token-encryption certificates as base64 DER inside KeyDescriptor elements
[xml]$XmlDocument = (New-Object System.Net.WebClient).DownloadString("https://$AdfsServer/FederationMetadata/2007-06/FederationMetadata.xml")

# ADFS certificates: one object per KeyDescriptor with its Use (signing/encryption) and the base64 certificate
$Cert = $XmlDocument.EntityDescriptor.RoleDescriptor.KeyDescriptor |
    Select-Object Use, @{Name = "x509"; Expression = { ($_.KeyInfo).X509Data.X509Certificate }}

New-Item -ItemType Directory -Path c:\temp -Force | Out-Null

# Signing cert. The same certificate is listed under several RoleDescriptors, so keep one copy,
# and write ASCII: Out-File defaults to UTF-16 in Windows PowerShell, which certutil will not read as base64
$Cert | Where-Object { $_.Use -eq "signing" } | Select-Object -ExpandProperty x509 -Unique | Out-File c:\temp\Signcert.cer -Encoding ascii

# Encryption cert
$Cert | Where-Object { $_.Use -eq "encryption" } | Select-Object -ExpandProperty x509 -Unique | Out-File c:\temp\Encryptioncert.cer -Encoding ascii

$Cert
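The script above writes the raw base64 blobs. The following is an added example, not code from the original post, that goes one step further: it decodes each KeyDescriptor into an X509Certificate2 object so you can see subject, validity window and thumbprint (the values you compare against the relying-party trust on the other side), saves each certificate as a PEM file, and warns about anything close to expiry. The server name and the C:\temp output folder are placeholders.

```powershell
# Added example: inventory the ADFS signing/encryption certificates from federation metadata.
# Placeholders (assumed): $AdfsServer and $OutDir.
$AdfsServer = 'adfs.example.com'
$OutDir     = 'C:\temp'

$Uri = "https://$AdfsServer/FederationMetadata/2007-06/FederationMetadata.xml"
[xml]$Metadata = (Invoke-WebRequest -Uri $Uri -UseBasicParsing).Content

$Certs = foreach ($kd in $Metadata.EntityDescriptor.RoleDescriptor.KeyDescriptor) {
    # Strip whitespace/newlines that some metadata publishers put inside the base64 text
    $Base64 = ($kd.KeyInfo.X509Data.X509Certificate -replace '\s', '')
    # The unary comma keeps the byte[] as a single constructor argument
    $X509   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (, [Convert]::FromBase64String($Base64))
    [PSCustomObject]@{
        Use        = $kd.Use
        Subject    = $X509.Subject
        NotBefore  = $X509.NotBefore
        NotAfter   = $X509.NotAfter
        DaysLeft   = [int]($X509.NotAfter - (Get-Date)).TotalDays
        Thumbprint = $X509.Thumbprint
        Base64     = $Base64
    }
}

# The same certificate appears under several RoleDescriptors; keep one row per (Use, Thumbprint)
$Certs = $Certs | Sort-Object Use, Thumbprint -Unique

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
foreach ($c in $Certs) {
    # PEM-wrap (64-character lines) so the file opens in certmgr, certutil and openssl alike
    $Body = ($c.Base64 -split '(.{64})' | Where-Object { $_ }) -join "`n"
    $Pem  = "-----BEGIN CERTIFICATE-----`n$Body`n-----END CERTIFICATE-----"
    $Path = Join-Path $OutDir ("{0}-{1}.cer" -f $c.Use, $c.Thumbprint)
    Set-Content -Path $Path -Value $Pem -Encoding Ascii
}

# Inventory view, plus a warning for anything that expires within 30 days so a rollover can be planned
$Certs | Select-Object Use, Subject, NotBefore, NotAfter, DaysLeft, Thumbprint | Format-Table -AutoSize
$Certs | Where-Object { $_.DaysLeft -le 30 } |
    ForEach-Object { Write-Warning ("{0} certificate {1} expires on {2}" -f $_.Use, $_.Thumbprint, $_.NotAfter) }
```

The thumbprints this prints are what to check against the claims-provider or relying-party trust on the partner side; a mismatch after an ADFS certificate rollover is the usual cause of signature-validation failures.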

Wednesday, July 29, 2020

Powershell - Get certificate information

List Certificate Templates - requires activedirectory module

function get-CertificateTemplates {
    [CmdletBinding()] Param (
        [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]
        [string]$forest
    )
    # Certificate templates live in the forest-wide Configuration partition. Read its DN from
    # rootDSE so the path is right even when $forest resolves to a child-domain DC
    $ConfigContext = (Get-ADRootDSE -Server $forest).configurationNamingContext
    $ADSI = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigContext"

    # One object per template; the OID is what certutil shows for version 2+ templates
    $ADSI.Children | Sort-Object Name | Select-Object DisplayName, Name, msPKI-Cert-Template-OID
}


List Certificate CDP info

function get-CertificateCDP {
    [CmdletBinding()] Param (
        [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]
        [string]$forest
    )
    $ConfigContext = (Get-ADRootDSE -Server $forest).configurationNamingContext
    # CN=CDP holds one container per CA server; each one's children are the cRLDistributionPoint objects
    $ADSI = [ADSI]"LDAP://CN=CDP,CN=Public Key Services,CN=Services,$ConfigContext"

    $ADSI.Children | Select-Object cn, Children, Path
}

List Certificate Authorities in forest - requires activedirectory module

function get-CertificationAuthorities {
    [CmdletBinding()] Param (
        [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]
        [string]$forest
    )
    $ConfigContext = (Get-ADRootDSE -Server $forest).configurationNamingContext
    # Root CA certificates trusted forest-wide are published here; whenCreated shows when each was added
    $ADSI = [ADSI]"LDAP://CN=Certification Authorities,CN=Public Key Services,CN=Services,$ConfigContext"

    $ADSI.Children | Select-Object name, whenCreated
}
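The three functions above each read one container under CN=Public Key Services. As an added example (not from the original post), the function below joins two of those containers: CN=Enrollment Services lists every enterprise CA together with the template names it publishes, and CN=Certificate Templates resolves each name to its display name, OID and schema version. The result is a "which CA can issue which template" inventory, which is what you review when a template is retired or its settings change. It assumes the ActiveDirectory module and a reachable DC; the forest name in the usage line is a placeholder.

```powershell
# Added example: one row per (enterprise CA, published template) from the Configuration partition.
function Get-CAPublishedTemplates {
    [CmdletBinding()] Param (
        [Parameter(Mandatory = $True)]
        [string]$forest
    )
    $ConfigContext = (Get-ADRootDSE -Server $forest).configurationNamingContext
    $PKI = "CN=Public Key Services,CN=Services,$ConfigContext"

    # Template CN -> AD object, so each published name can be resolved to its OID and schema version
    $Templates = @{}
    Get-ADObject -Server $forest -SearchBase "CN=Certificate Templates,$PKI" `
        -LDAPFilter '(objectClass=pKICertificateTemplate)' `
        -Properties displayName, 'msPKI-Cert-Template-OID', 'msPKI-Template-Schema-Version' |
        ForEach-Object { $Templates[$_.Name] = $_ }

    # Each pKIEnrollmentService object is one enterprise CA; certificateTemplates is its published list
    Get-ADObject -Server $forest -SearchBase "CN=Enrollment Services,$PKI" `
        -LDAPFilter '(objectClass=pKIEnrollmentService)' `
        -Properties dNSHostName, certificateTemplates |
        ForEach-Object {
            $CA = $_
            foreach ($name in $CA.certificateTemplates) {
                $t = $Templates[$name]
                [PSCustomObject]@{
                    CA            = $CA.Name
                    CAHost        = $CA.dNSHostName
                    Template      = $name
                    # A published name with no template object behind it is worth a look: the template
                    # was deleted but the CA still advertises it
                    DisplayName   = if ($t) { $t.displayName } else { '<no template object>' }
                    SchemaVersion = if ($t) { $t.'msPKI-Template-Schema-Version' } else { $null }
                    OID           = if ($t) { $t.'msPKI-Cert-Template-OID' } else { $null }
                }
            }
        }
}

# Usage (forest name is a placeholder)
Get-CAPublishedTemplates -forest 'corp.example.com' | Sort-Object CA, Template | Format-Table -AutoSize
```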

Wednesday, September 20, 2017

Powershell : Certutil Find Expired Certs on CA server

Wrote this to get expiration information for certificates that expired up to 5 days ago through ones that expire within the next 90 days. Wrap an Invoke-Command around this for remote query.

# Date window: from 5 days in the past to 90 days ahead
$Before = (Get-Date).AddDays(90).ToString("MM/dd/yyyy")
$After  = (Get-Date).AddDays(-5).ToString("MM/dd/yyyy")
<#
https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with
$Before, i.e. certificates expiring before this date, and
$After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
$Restrict = "NotAfter<=$Before,NotAfter>=$After"
$Report = @()
# The -out column list must be one comma-separated string: a PowerShell array here is handed to
# certutil as separate arguments. Native command output already arrives as an array of lines.
$SplitLines = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date,Certificate Template"

# Value after the first colon on a certutil output line, with quotes and padding removed
function Get-CertutilValue ([string]$Line) {
    return (($Line -split ':', 2)[1]).Replace('"', '').Trim()
}

$Index = 0
foreach ($line in $SplitLines) {
    # certutil prints each record as "Row N:" followed by one line per column, in the order given to -out
    if ($line -like "Row*") {
        $Details = New-Object PSObject
        $Details | Add-Member NoteProperty "RequesterName" (Get-CertutilValue $SplitLines[$Index + 1])
        $Details | Add-Member NoteProperty "CommonName"    (Get-CertutilValue $SplitLines[$Index + 2])
        # Keep the date only; the raw line reads like "Certificate Expiration Date: 9/20/2018 10:00 AM"
        $Details | Add-Member NoteProperty "Certificate Expiration Date" ((Get-CertutilValue $SplitLines[$Index + 3]).Split(" ")[0])

        # Version 2+ templates are printed as "<OID> <TemplateName>", version 1 templates as just the name
        $TemplateField = Get-CertutilValue $SplitLines[$Index + 4]
        if ($TemplateField -notlike "1.*") {
            $TemplateName = $TemplateField
        }
        else {
            $TemplateName = $TemplateField.Split(" ")[1]
        }
        $Details | Add-Member NoteProperty "Certificate Template" $TemplateName

        $Report += $Details
    }
    $Index++
}
$Report
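The script above depends on the column order it passed to -out, so adding or removing a column shifts every offset. As an added example (not code from the original post), here is a label-driven parser for the same "certutil -view" output: it starts a new record at each "Row N:" header and reads every "Label: value" line until the next one, so column order no longer matters and the expiration date becomes a real DateTime. The sample text is constructed to look like certutil output (two rows, one version 1 template and one version 2 template shown as "<OID> <Name>"); on a CA you would pipe the actual certutil output in instead. Date parsing assumes the en-US style certutil prints on an English system.

```powershell
# Added example: parse "certutil -view" records by label rather than by line offset.
function ConvertFrom-CertutilView {
    [CmdletBinding()] Param (
        [Parameter(Mandatory = $True, ValueFromPipeline = $True)]
        [string[]]$Lines
    )
    begin { $Row = $null }
    process {
        foreach ($line in $Lines) {
            # The trailing status line would otherwise be read as a "CertUtil" column of the last row
            if ($line -match '^CertUtil:') { continue }
            if ($line -match '^Row \d+:') {
                if ($null -ne $Row -and $Row.Count -gt 0) { [PSCustomObject]$Row }
                $Row = [ordered]@{}
                continue
            }
            # Only lines after the first "Row" header are record fields; the schema dump before it is ignored
            if ($null -ne $Row -and $line -match '^\s*([^:]+):\s*(.*)$') {
                $label = $Matches[1].Trim()
                $value = $Matches[2].Trim().Trim('"')
                switch ($label) {
                    'Certificate Expiration Date' {
                        # [datetime] casts use the invariant (en-US style) format, matching certutil on an English system
                        $Row['NotAfter'] = [datetime]$value
                    }
                    'Certificate Template' {
                        # v2+ templates print as "<OID> <Name>"; v1 templates as just "<Name>"
                        $parts = $value -split '\s+', 2
                        if ($parts.Count -eq 2 -and $parts[0] -like '1.*') {
                            $Row['TemplateOID']  = $parts[0]
                            $Row['TemplateName'] = $parts[1]
                        } else {
                            $Row['TemplateOID']  = $null
                            $Row['TemplateName'] = $value
                        }
                    }
                    default { $Row[$label] = $value }
                }
            }
        }
    }
    end { if ($null -ne $Row -and $Row.Count -gt 0) { [PSCustomObject]$Row } }
}

# Constructed sample in the shape certutil -view prints (not captured from a real CA)
$Sample = @'
Schema:
  Column Name                   Localized Name                Type    MaxLength
  ----------------------------  ----------------------------  ------  ---------
  RequesterName                 Requester Name                String  2048 -- Indexed

Row 1:
  Requester Name: "CORP\svc-web"
  Issued Common Name: "web01.corp.example.com"
  Certificate Expiration Date: 9/20/2018 10:00 AM
  Certificate Template: "1.3.6.1.4.1.311.21.8.111.222.333.444.555.666.777.888 WebServerV2"

Row 2:
  Requester Name: "CORP\jdoe"
  Issued Common Name: "John Doe"
  Certificate Expiration Date: 10/1/2018 8:15 AM
  Certificate Template: "User"
CertUtil: -view command completed successfully.
'@

$Records = ($Sample -split "`r?`n") | ConvertFrom-CertutilView
$Records | Select-Object 'Requester Name', 'Issued Common Name', TemplateName, TemplateOID, NotAfter,
    @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - (Get-Date)).TotalDays } } | Format-Table -AutoSize

# Live use on a CA (same date window as the post), with the filter done on DateTime values:
# $Records = certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date,Certificate Template" | ConvertFrom-CertutilView
# $Records | Where-Object { $_.NotAfter -ge (Get-Date).AddDays(-5) -and $_.NotAfter -le (Get-Date).AddDays(90) }
```

Because the object keeps the template OID separately from its name, the output can be joined against the template inventory from AD, and negative DaysLeft values are the already-expired certificates the -restrict window lets through.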

Powershell: Microsoft Graph to add new roles to application registration

PowerShell Script Bulk add new roles to application registration in azure. Update $roles with ,Us...