2017-04-10 114 views
3

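Identify certificates by "Certificate Template Name" in PowerShell

I need to use a PowerShell script to select the certificate whose "Certificate Template Name" is "Machine". In certmgr.msc, it has a "Certificate Template" with the value "Computer". In Details, the same "Certificate Template Name" is "Machine".

How can I use either of these values in a PowerShell script?

So far I have: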

get-childitem cert:\localmachine\my | where-object {$_.} 

I have tried almost every method that IntelliSense loads, but have not been able to find anything that meets my needs.

Thank you,

+1

Where do you see this information, e.g. in 'certmgr.msc'? Have you tried 'Get-ChildItem cert:\localmachine\my | Get-Member -Force'? – sodawillow

+0

I don't know how to use it in PowerShell, but [X509Certificate2Collection.Find](https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2collection.find(v=vs.110).aspx)(X509FindType.FindByTemplateName, templateNameString, false) can do what you want. – bartonjs

+0

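The certificate itself does not contain the template name, only the object identifier of the template. You can extract the OID of a specific certificate template from Active Directory and then filter on the corresponding extension –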

Answers

0

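Try this PowerShell module, CertificatePS. It contains the cmdlet Get-CertificateTemplate, which is exactly what you need. I developed it and use it myself to tell Machine and Web template certificates apart.

Here is an example of its use, although there are other possibilities, such as adding a PSNoteProperty to each returned object: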

# With Select-Object 
Get-ChildItem "Cert:\LocalMachine\My" | Select-Object Name,Thumbprint,@{Name="Template";Expression={Get-CertificateTemplate $_}} 

# With Where-Object 
Get-ChildItem "Cert:\LocalMachine\My" | Where-Object {(Get-CertificateTemplate $_) -eq "Template"}

Check out more examples for this module here.

The module is not perfect, so if you have any comments or suggestions, please leave them on the github project.

0

Here is a native PowerShell solution:

Thanks go to the PowerShell Gallery

<#
.SYNOPSIS
Outputs an object consisting of the template name (Template), an OID (OID), the minor version (MinorVersion), and the major version (MajorVersion).

.DESCRIPTION
Outputs an object consisting of the template name (Template), an OID (OID), the minor version (MinorVersion), and the major version (MajorVersion).
This information is derived from the Certificate Extensions.

.PARAMETER Certificate
A X509Certificate2 object

.EXAMPLE
Get-ChildItem "Cert:\LocalMachine\My" | Get-CertificateTemplate

.EXAMPLE
Get-ChildItem "Cert:\LocalMachine\My" | Select-Object Name,Thumbprint,@{Name="Template";Expression={Get-CertificateTemplate $_}}

.INPUTS
Any X509Certificate2 object

.OUTPUTS
[PSCustomObject] @{Template=<template name>; OID=<oid string>; MajorVersion=<major version num>; MinorVersion=<minor version num> }
#>
function Get-CertificateTemplate {
    [CmdletBinding(SupportsShouldProcess=$false)]
    [OutputType([PSCustomObject])]
    Param([Parameter(Mandatory=$true, ValueFromPipeline=$true)] [ValidateNotNull()] [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    Process {
        # The patterns parse the text returned by Format(), e.g.
        # "Template=<name>(<oid>), Major Version Number=<n>, Minor Version Number=<n>"
        $regExPrimary=[System.Text.RegularExpressions.Regex]::new("Template=([\w\s\d\.]+)\(((?:\d+.)+)\), Major Version Number=(\d+), Minor Version Number=(\d+)",[System.Text.RegularExpressions.RegexOptions]::None)
        $regExSecondary=[System.Text.RegularExpressions.Regex]::new("Template=((?:\d+.)+), Major Version Number=(\d+), Minor Version Number=(\d+)",[System.Text.RegularExpressions.RegexOptions]::None)

        $temp = $Certificate.Extensions | Where-Object { $_.Oid.FriendlyName -eq "Certificate Template Name" }
        if ($null -eq $temp) {
            Write-Verbose "Did not find 'Certificate Template Name' extension"
            $temp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq "1.3.6.1.4.1.311.21.7" }
        }
        else { Write-Verbose "Found 'Certificate Template Name' extension" }

        # A certificate without either extension leaves $temp empty; match against an
        # empty string so it reaches the "Root Certificate" branch instead of failing
        # on a null method call and reusing values from the previous pipeline item.
        $formatted = if ($null -ne $temp) { $temp.Format($false) } else { "" }

        # $found is used instead of $Matches, which is a PowerShell automatic variable
        $found = $regExPrimary.Matches($formatted)
        if ($found.Count -gt 0) {
            $object = @{Template=$found[0].Groups[1].Value; OID=$found[0].Groups[2].Value;
                MajorVersion=$found[0].Groups[3].Value; MinorVersion=$found[0].Groups[4].Value;
                Thumbprint=$Certificate.Thumbprint }
        }
        else {
            $found = $regExSecondary.Matches($formatted)
            if ($found.Count -gt 0) {
                Write-Verbose "Found certificate without a valid Template Name"
                $object = @{Template=$found[0].Groups[1].Value; OID=$found[0].Groups[1].Value;
                    MajorVersion=$found[0].Groups[2].Value; MinorVersion=$found[0].Groups[3].Value;
                    Thumbprint=$Certificate.Thumbprint }
            }
            else {
                Write-Verbose "Found root certificate"
                $object = @{Template="Root Certificate"; OID=""; MajorVersion=""; MinorVersion=""; Thumbprint=$Certificate.Thumbprint }
            }
        }
        return [PSCustomObject]$object
    }
}
0

Here is a solution sans modules:

Get-ChildItem Cert:\LocalMachine\my | Where-Object{$_.Extensions | Where-Object{$_.oid.friendlyname -match "Template" -and $_.format(0) -match "Machine"}}
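
The answers above match on the extension's friendly name and formatted text; the following added example (not code from any poster on this page) selects the extensions by OID and decodes their raw DER instead, which also shows the point made in the comments that newer templates carry only an OID. The names Get-TemplateInfo and Read-DerOid are hypothetical, 1.3.6.1.4.1.311.20.2 is the v1 "Certificate Template Name" extension, and the code assumes short-form DER lengths (extension under 128 bytes).

```powershell
# Added example. Get-TemplateInfo and Read-DerOid are hypothetical names.
$OidV1 = '1.3.6.1.4.1.311.20.2'  # Certificate Template Name (v1): BMPString
$OidV2 = '1.3.6.1.4.1.311.21.7'  # Certificate Template Information (v2+): SEQUENCE { OID, major, minor }

function Read-DerOid([byte[]]$Bytes) {
    # Decode the content bytes of a DER OBJECT IDENTIFIER to dotted notation.
    $arcs = [System.Collections.Generic.List[long]]::new()
    [long]$v = 0
    foreach ($x in $Bytes) {
        $v = ($v * 128) + ($x -band 0x7F)
        if ($x -band 0x80) { continue }          # high bit set: this arc continues
        if ($arcs.Count -eq 0) {                 # first value packs two arcs: 40*X + Y
            $top = [math]::Min([long]2, [long][math]::Floor([double]$v / 40))
            $arcs.Add($top); $arcs.Add($v - 40 * $top)
        } else { $arcs.Add($v) }
        $v = 0
    }
    $arcs -join '.'
}

function Get-TemplateInfo {
    param([Parameter(Mandatory, ValueFromPipeline)]
          [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    process {
        $info = [ordered]@{ Thumbprint = $Certificate.Thumbprint; Subject = $Certificate.Subject
                            TemplateName = $null; TemplateOid = $null; MajorVersion = $null }
        foreach ($ext in $Certificate.Extensions) {
            if ($ext.Oid.Value -notin $OidV1, $OidV2) { continue }
            $raw = $ext.RawData
            if ($raw.Length -lt 4 -or $raw[1] -ge 0x80) { continue }  # assumption: short-form length
            if ($ext.Oid.Value -eq $OidV1 -and $raw[0] -eq 0x1E) {
                # v1 templates (such as "Machine") store the name as UTF-16BE text
                $info.TemplateName = [Text.Encoding]::BigEndianUnicode.GetString($raw, 2, $raw[1])
            }
            elseif ($ext.Oid.Value -eq $OidV2 -and $raw[0] -eq 0x30 -and $raw[2] -eq 0x06) {
                # v2+ templates store only the template OID and version numbers
                $len = $raw[3]
                $info.TemplateOid = Read-DerOid $raw[4..(3 + $len)]
                $p = 4 + $len
                if ($raw[$p] -eq 0x02) {         # INTEGER: major version, big-endian
                    $n = 0
                    foreach ($x in $raw[($p + 2)..($p + 1 + $raw[$p + 1])]) { $n = $n * 256 + $x }
                    $info.MajorVersion = $n
                }
            }
        }
        [PSCustomObject]$info
    }
}

Get-ChildItem Cert:\LocalMachine\My | Get-TemplateInfo | Where-Object TemplateName -eq 'Machine'
```

Certificates issued from v2 or later templates come back with TemplateName empty and TemplateOid set, so filtering those requires the template's OID as recorded in Active Directory.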