Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘Certificates’ Category

(2013-12-14) SHA1 Deprecation Policy

Posted by Jorge on 2013-12-14


This is an important message for anyone still using SHA1 certificates.

Read more here.

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Advertisements

Posted in Active Directory Certificate Services (ADCS), Certificates, SHA1 | Leave a Comment »

(2013-10-22) Searching For Certificates Matching A Specific DNS Name Or WildCard Name

Posted by Jorge on 2013-10-22


If your computer has lots of certificates in the local computer store and you need to find out if one or more certificates will match a specific name in the subject or subject alternate name, or a certificate will match the first level wildcard, you can use the following PowerShell code:

# Searching For A Certificate With A Specific Name In The Subject Name Or Subject Alternate Name (SAN) # Searching For A Certificate With A WildCard Name In The Subject Name Or Subject Alternate Name (SAN) Matching The Specific Name # Define The Specific DNS Name $dnsName = "<FQDN>" # Determine The First Level WildCard Name $wildCardName = "*" + $dnsName.Substring($dnsName.IndexOf(".")) $certs = $null $certs = @() $certsInLocalMachine = DIR cert:\LocalMachine\My $certsInLocalMachine | ForEach-Object{ $certificate = $_ $certThumbprint = $certificate.Thumbprint $certSubject = $($certificate.Subject).substring($($certificate.Subject).IndexOf("=")+1) If ($certSubject.ToUpper() -eq $dnsName.ToUpper() -or $certSubject.ToUpper() -eq $wildCardName.ToUpper()) { $certs += $certificate } $sanCertExtension = $certificate.extensions | Where-Object{$_.oid.FriendlyName.ToLower() -eq "subject alternative name"} $sanObjs = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames If ($sanCertExtension -ne $null) { $altNamesStr = [System.Convert]::ToBase64String($sanCertExtension.RawData) $sanObjs.InitializeDecode(1, $altNamesStr) Foreach ($SAN in $sanObjs.AlternativeNames) { $certAltSubject = $SAN.strValue If ($certAltSubject -ne $null) { If ($certAltSubject.ToUpper() -eq $dnsName.ToUpper() -or $certAltSubject.ToUpper() -eq $wildCardName.ToUpper()) { $certs += $certificate } } } } } $certs | FL

If the DNS Name is "FS.ADCORP.LAB", the output is on my demo machine:

image

Figure 1: Looking For Certificates That Could Support The DNS Name "FS.ADCORP.LAB" (Example)

You might also want to look at the following article, which shows you how to list subject alternate names in a specific certificate:

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in Certificates, PowerShell, Tooling/Scripting | 2 Comments »

 
%d bloggers like this: