Monday, August 9, 2021

Powershell - Extract ADFS certificates from ADFS server

Wrote a script so people only have to specify the AD FS server name; it downloads the published federation metadata, pulls out the token-signing and token-encryption certificates, and writes them to two files in c:\temp.


# just put in the ADFS server name
$AdfsServer = 'adfs.microsoft.com'

# Every AD FS farm publishes its federation metadata anonymously at this well-known path
[xml]$XmlDocument = (New-Object System.Net.WebClient).DownloadString("https://$AdfsServer/FederationMetadata/2007-06/FederationMetadata.xml")

# ADFS certificates: every KeyDescriptor, with its use (signing/encryption) and the base64 DER certificate
$Cert = $XmlDocument.EntityDescriptor.RoleDescriptor.KeyDescriptor | Select-Object Use, @{Name="x509"; Expression={(($_.KeyInfo).X509Data).X509Certificate}}

# The same certificate is listed under more than one RoleDescriptor, so take each value once,
# wrap it in PEM markers and write ASCII (Out-File defaults to UTF-16 in Windows PowerShell) so the .cer imports cleanly
New-Item -ItemType Directory -Path c:\temp -Force | Out-Null

#Sign Cert
$Cert | Where-Object {$_.Use -eq "signing"} | Select-Object -ExpandProperty x509 | Select-Object -Unique |
    ForEach-Object { "-----BEGIN CERTIFICATE-----`n$_`n-----END CERTIFICATE-----" } | Out-File c:\temp\Signcert.cer -Encoding ascii

#Encryption Cert
$Cert | Where-Object {$_.Use -eq "encryption"} | Select-Object -ExpandProperty x509 | Select-Object -Unique |
    ForEach-Object { "-----BEGIN CERTIFICATE-----`n$_`n-----END CERTIFICATE-----" } | Out-File c:\temp\Encryptioncert.cer -Encoding ascii

$Cert
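As an added example (not part of the original post), the same metadata parsing done with an XPath namespace lookup instead of dotted property access, which also picks up the KeyDescriptor elements under IDPSSODescriptor/SPSSODescriptor and returns each certificate once with its thumbprint and expiry, so a relying party can check for an upcoming signing-certificate rollover before trust breaks. The function name Get-FederationCertificate, the entityID adfs.example.com and the metadata document are constructed for the example; the sample builds its own self-signed certificate in memory (CertificateRequest, .NET Framework 4.7.2+ or PowerShell 7) so it runs offline.

```powershell
# Added example, not the original post's script. Parses federation metadata for the
# signing (or encryption) certificates and reports thumbprint and days until expiry.
function Get-FederationCertificate {
    param(
        [Parameter(Mandatory)] [string] $MetadataXml,
        [ValidateSet('signing', 'encryption')] [string] $Use = 'signing'
    )
    $doc = [xml]$MetadataXml
    $ns = [System.Xml.XmlNamespaceManager]::new($doc.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # Matches KeyDescriptor under RoleDescriptor, IDPSSODescriptor and SPSSODescriptor alike
    $xpath = "//md:KeyDescriptor[@use='$Use']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    $seen = @{}
    foreach ($node in $doc.SelectNodes($xpath, $ns)) {
        $raw  = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
        if ($seen.ContainsKey($cert.Thumbprint)) { continue }   # same cert listed under several roles
        $seen[$cert.Thumbprint] = $true
        [pscustomobject]@{
            Use        = $Use
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
            Pem        = "-----BEGIN CERTIFICATE-----`n" +
                         [Convert]::ToBase64String($raw, 'InsertLineBreaks') +
                         "`n-----END CERTIFICATE-----"
        }
    }
}

# --- constructed sample input: a throwaway self-signed cert wrapped in minimal AD FS-style metadata ---
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=ADFS Signing - adfs.example.com', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
$b64 = [Convert]::ToBase64String($sample.RawData)

$metadata = @"
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://adfs.example.com/adfs/services/trust">
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:SecurityTokenServiceType">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>$b64</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  </RoleDescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>$b64</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
"@

$found = Get-FederationCertificate -MetadataXml $metadata -Use signing
$found | Format-Table Subject, Thumbprint, NotAfter, DaysLeft

# The cert is listed twice in the metadata but must come back exactly once, with the thumbprint we generated
if (@($found).Count -ne 1 -or $found.Thumbprint -ne $sample.Thumbprint) {
    throw 'parser did not round-trip the sample certificate'
}

# Against a live farm, feed the function the downloaded document instead of the constructed one:
#   $xml = (Invoke-WebRequest -Uri "https://$AdfsServer/FederationMetadata/2007-06/FederationMetadata.xml" -UseBasicParsing).Content
#   Get-FederationCertificate -MetadataXml $xml -Use signing | Where-Object DaysLeft -lt 30
```

During a rollover the metadata carries both the current and the next signing certificate, so the function returning two signing entries is expected; the DaysLeft filter in the trailing comment is the check to schedule, since a relying party that has not imported the new certificate will start rejecting tokens the moment AD FS switches primary.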