
Script to get details of all certificates on Windows devices

Organizations may need to verify that only valid and trusted certificates are used on their devices to keep operations running properly. Certificate details also help admins plan for expirations and renewals, but reviewing every certificate by hand is tedious. Using Hexnode UEM’s Execute Custom Script feature, you can remotely fetch certificate details from Windows devices.

Disclaimer:

The sample scripts provided below are adapted from third-party open-source sites.

PowerShell script

  • To display details of all certificates present in the Root directory of the local machine account, use the following script:
  • To display the details of a specific certificate present in the Root store using its FriendlyName, use the following script:
  • E.g., To get details of a certificate having the FriendlyName of “DigiCert” from the Root store.

    Get-ChildItem Cert:\LocalMachine\Root\ | where{$_.FriendlyName -eq 'DigiCert'}

  • To display the details of a specific certificate present in all other certificate stores using the certificate’s FriendlyName, use the following script:
  • E.g., To get details of a certificate having FriendlyName of “DigiCert” present in all other certificate stores.

    Get-ChildItem Cert:\LocalMachine\ -Recurse | where{$_.FriendlyName -eq 'DigiCert'}

  • To display details of certificates present in CurrentUser, use the following script:
  • To display the full details of a particular certificate, use the following script:
  • E.g., To get full details of the certificate with the FriendlyName of “DigiCert”.

    Get-ChildItem Cert:\LocalMachine\root | where{$_.FriendlyName -eq 'DigiCert'} | fl *

  • To display details of a specific certificate present in certificate stores using its thumbprint, use the following script:
  • E.g., To get details of a certificate having the thumbprint “4B789A3918C60107A19F629FCA3FEB4FE9CAD49A” from the personal (My) stores of the current user and the local machine.

    $thumbprint = '4B789A3918C60107A19F629FCA3FEB4FE9CAD49A'
    $stores = @('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My')

    foreach ($store in $stores) {
        $cert = Get-ChildItem -Path $store | Where-Object {$_.Thumbprint -eq $thumbprint}
        if ($cert) {
            Write-Host "Certificate found in $store"
            $cert
        } else {
            Write-Host "Certificate not found in $store"
        }
    }

  • To display the certificates expiring in a number of days, use the following script:
  • E.g., To get details of certificates expiring within 30 days.

    Get-ChildItem -Path Cert: -recurse -ExpiringInDays 30

    Notes:

    • It is recommended to manually validate the script execution on a system before executing the action in bulk.
    • Hexnode will not be responsible for any damage/loss to the system resulting from the behavior of the script.
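The following is an added example, not one of Hexnode's sample scripts: it combines the store enumeration and expiry checks above into one report that lists each flagged certificate with its store, thumbprint, and days remaining, including certificates that have already expired. The `$WarnDays` threshold and the report column names are assumptions chosen for this example.

```powershell
# Added example (not a Hexnode sample script).
# Assumptions: the $WarnDays threshold and the report column names.
$WarnDays = 30
$now      = Get-Date

# CurrentUser resolves to whichever account the script runs under.
$roots = 'Cert:\LocalMachine', 'Cert:\CurrentUser'
$certType = [System.Security.Cryptography.X509Certificates.X509Certificate2]

# -Recurse also returns the store containers, so keep certificate objects only.
$report = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is $certType } |
        ForEach-Object {
            $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

            # Later checks override earlier ones, so the most serious state wins.
            $status = 'Valid'
            if ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
            if ($daysLeft -lt 0)         { $status = 'Expired' }
            if ($_.NotBefore -gt $now)   { $status = 'NotYetValid' }

            [pscustomobject]@{
                Status        = $status
                DaysLeft      = $daysLeft
                # PSParentPath looks like "...\Certificate::LocalMachine\Root".
                Store         = ($_.PSParentPath -replace '^.*::', '')
                Thumbprint    = $_.Thumbprint
                HasPrivateKey = $_.HasPrivateKey
                NotAfter      = $_.NotAfter
                Subject       = $_.Subject
            }
        }
}

# Report only certificates that need attention, most urgent first.
$flagged = $report | Where-Object { $_.Status -ne 'Valid' } | Sort-Object DaysLeft
if ($flagged) {
    # A wide Out-String keeps long subjects from being truncated in captured output.
    $flagged | Format-Table -AutoSize | Out-String -Width 250 | Write-Output
} else {
    Write-Output "No expired or soon-to-expire certificates found (threshold: $WarnDays days)."
}
```

The same certificate can appear in more than one store, so a thumbprint listed several times is expected; entries with `HasPrivateKey` set to `True` are the ones whose renewal has to be planned on the device itself.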
