Get Serial number, expiry date, subject name and subject alternative names in script

The question was something like this:

 

..."What I need to be able to do is iterate through each certificate in the Local Machine’s Personal store and spit out at least the serial number, expiry date, subject name and subject alternative names."

Here is the output:

----------------------------------------------------------------

Serial: 619487CD000000E4DCFF
SubjectName: CN=SPATDSG, OU=Workstations, OU=Machines, DC=crisco, DC=com
Valid from 7/29/2008 9:31:40 PM to 8/28/2008 9:31:40 PM
SAN: Other Name:
Principal Name=SPATDSG$@crisco.com

----------------------------------------------------------------

Here is a starter. It requires CAPICOM.

' CAPICOM constants used below
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_CERTIFICATE_FIND_TIME_VALID = 9

' Open the Local Machine "MY" (Personal) store read-only
Set oStore = CreateObject("CAPICOM.Store")
oStore.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY

' Keep only certificates that are currently time-valid
Set Certificates = oStore.Certificates.Find(CAPICOM_CERTIFICATE_FIND_TIME_VALID, , 0)

If Certificates.Count > 0 Then
    For Each Certificate In Certificates
        Set extensions = Certificate.Extensions()
        WScript.Echo "Serial: " & Certificate.SerialNumber
        WScript.Echo "SubjectName: " & Certificate.SubjectName
        WScript.Echo "Valid from " & Certificate.ValidFromDate & " to " & Certificate.ValidToDate

        ' get the SAN data if it is there
        For Each extension In extensions
            If extension.OID = 12 Then
                SubjectAltName = extension.EncodedData.Format(True)
                WScript.Echo "SAN: " & SubjectAltName
            End If
        Next

        WScript.Echo "----------------------------------------------------------------"
        WScript.Echo
    Next
Else
    WScript.Echo "No certificates"
End If

Hope it helps...

 

Extension.OID Property
https://msdn.microsoft.com/en-us/library/aa382418(VS.85).aspx

EncodedData.Format Method
https://msdn.microsoft.com/en-us/library/aa382001(VS.85).aspx

spat
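
The same inventory without the CAPICOM dependency, as an added example that is not part of the original post: it reads the Local Machine Personal store through PowerShell's Cert: provider, finds the SAN extension by its OID (2.5.29.17), and flags certificates close to expiry. Unlike the script above it does not filter to currently valid certificates, and the 30-day $WarnDays threshold is an assumption.

```powershell
# Added example: inventory of the Local Machine "Personal" (My) store using the
# built-in Cert: provider and .NET X509Certificate2 objects instead of CAPICOM.
$WarnDays = 30            # assumed threshold for flagging certificates near expiry
$SanOid   = '2.5.29.17'   # subject alternative name extension

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Look the SAN extension up by OID; many certificates do not carry one.
    $sanExt = $cert.Extensions |
        Where-Object { $_.Oid.Value -eq $SanOid } |
        Select-Object -First 1

    $san = if ($sanExt) {
        # Format($true) returns the multi-line text form of the encoded extension.
        $sanExt.Format($true).Trim()
    } else {
        '(none)'
    }

    # Whole days until NotAfter; negative once the certificate has expired.
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    if ($daysLeft -lt 0) {
        $status = 'EXPIRED'
    } elseif ($daysLeft -le $WarnDays) {
        $status = 'EXPIRING'
    } else {
        $status = 'OK'
    }

    [pscustomobject]@{
        Serial      = $cert.SerialNumber
        SubjectName = $cert.Subject
        ValidFrom   = $cert.NotBefore
        ValidTo     = $cert.NotAfter
        DaysLeft    = $daysLeft
        Status      = $status
        SAN         = $san
    }
}

if ($report) {
    # Soonest expiry first, one block per certificate.
    $report | Sort-Object ValidTo | Format-List
} else {
    'No certificates'
}
```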

Comments

  • Anonymous
    July 31, 2008
    Not sure you care, but I thought you may. In PowerShell you can do this:
    dir cert:\CurrentUser -rec | fl SerialNumber,@{l="SubjectName";e={$_.SubjectName.Name}},@{l="ValidFrom";e={"{0} to {1}" -f $_.NotBefore,$_.NotAfter}}
    You can add the extension easy enough to

  • Anonymous
    August 26, 2008
    neat link from ben... http://msdn.microsoft.com/en-us/library/aa375724(VS.85).aspx