Here is a native PowerShell solution:
Thanks go to the PowerShell Gallery
```powershell
<#
.SYNOPSIS
Outputs an object consisting of the template name (Template), an OID (OID), the minor version (MinorVersion), and the major version (MajorVersion).
.DESCRIPTION
Outputs an object consisting of the template name (Template), an OID (OID), the minor version (MinorVersion), and the major version (MajorVersion).
This information is derived from the Certificate Extensions.
.PARAMETER Certificate
A X509Certificate2 object
.EXAMPLE
Get-ChildItem "Cert:\LocalMachine\My" | Get-CertificateTemplate
.EXAMPLE
Get-ChildItem "Cert:\LocalMachine\My" | Select-Object Name,Thumbprint,@{Name="Template";Expression={Get-CertificateTemplate $_}}
.INPUTS
Any X509Certificate2 object
.OUTPUTS
[PSCustomObject] @{Template=<template name>; OID=<oid string>; MajorVersion=<major version num>; MinorVersion=<minor version num>; Thumbprint=<thumbprint> }
#>
function Get-CertificateTemplate {
    [CmdletBinding(SupportsShouldProcess=$false)]
    [OutputType([PSCustomObject])]
    Param([Parameter(Mandatory=$true, ValueFromPipeline=$true)] [ValidateNotNull()] [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    Process {
        # Template name resolved: "Template=<name>(<oid>), Major Version Number=<n>, Minor Version Number=<n>"
        # The dots in the OID part are escaped so they only match a literal '.'.
        $regExPrimary = [System.Text.RegularExpressions.Regex]::new("Template=([\w\s\d\.]+)\(((?:\d+\.)*\d+)\), Major Version Number=(\d+), Minor Version Number=(\d+)", [System.Text.RegularExpressions.RegexOptions]::None)
        # Template name not resolved: "Template=<oid>, Major Version Number=<n>, Minor Version Number=<n>"
        $regExSecondary = [System.Text.RegularExpressions.Regex]::new("Template=((?:\d+\.)*\d+), Major Version Number=(\d+), Minor Version Number=(\d+)", [System.Text.RegularExpressions.RegexOptions]::None)

        $temp = $Certificate.Extensions | Where-Object { $_.Oid.FriendlyName -eq "Certificate Template Name" }
        if ($null -eq $temp) {
            Write-Verbose "Did not find 'Certificate Template Name' extension"
            $temp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq "1.3.6.1.4.1.311.21.7" }
        }
        else { Write-Verbose "Found 'Certificate Template Name' extension" }

        # Neither extension present: format nothing, so the code falls through to the last branch
        # instead of calling a method on $null.
        $text = if ($null -ne $temp) { $temp.Format($false) } else { "" }

        # $found is used instead of $Matches, which is a PowerShell automatic variable.
        $found = $regExPrimary.Matches($text)
        if ($found.Count -gt 0) {
            $object = @{Template=$found[0].Groups[1].Value; OID=$found[0].Groups[2].Value;
                MajorVersion=$found[0].Groups[3].Value; MinorVersion=$found[0].Groups[4].Value;
                Thumbprint=$Certificate.Thumbprint }
        }
        else {
            $found = $regExSecondary.Matches($text)
            if ($found.Count -gt 0) {
                Write-Verbose "Found certificate without a valid Template Name"
                $object = @{Template=$found[0].Groups[1].Value; OID=$found[0].Groups[1].Value;
                    MajorVersion=$found[0].Groups[2].Value; MinorVersion=$found[0].Groups[3].Value;
                    Thumbprint=$Certificate.Thumbprint }
            }
            else {
                Write-Verbose "Found root certificate"
                $object = @{Template="Root Certificate"; OID=""; MajorVersion=""; MinorVersion=""; Thumbprint=$Certificate.Thumbprint }
            }
        }
        return [PSCustomObject]$object
    }
}
```
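Where do you see this information, for example in `certmgr.msc`? Have you tried `Get-ChildItem cert:\localmachine\my | Get-Member -Force`? – sodawillow
I don't know how to use it from PowerShell, but [X509Certificate2Collection.Find](https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2collection.find(v=vs.110).aspx)(X509FindType.FindByTemplateName, templateNameString, false) can do what you want. – bartonjs
The certificate itself does not contain the template name, only the template's object identifier. You can extract the OID of a specific certificate template from Active Directory and then filter on the corresponding extension –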
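An added example, not part of the answer or the comments above: the answer's regexes match the English text that `Format()` returns, which follows the OS display language, while the last comment points out that the certificate only carries the template OID. This sketch reads the OID and versions straight from the DER bytes of the `1.3.6.1.4.1.311.21.7` extension (a SEQUENCE of OBJECT IDENTIFIER plus two optional INTEGERs); the function names `Read-DerTlv` and `ConvertFrom-TemplateExtension` and the sample bytes are made up for illustration.

```powershell
# Read one DER TLV at $Offset: returns its tag, its value bytes and the offset of the next TLV.
function Read-DerTlv([byte[]]$Data, [int]$Offset) {
    if ($Offset + 2 -gt $Data.Length) { throw 'Truncated DER header' }
    $tag = $Data[$Offset]; $len = [int]$Data[$Offset + 1]; $pos = $Offset + 2
    if ($len -band 0x80) {                       # long form: low 7 bits = number of length bytes
        $n = $len -band 0x7F; $len = 0
        if ($n -eq 0 -or $n -gt 4 -or $pos + $n -gt $Data.Length) { throw 'Bad DER length' }
        for ($i = 0; $i -lt $n; $i++) { $len = ($len -shl 8) -bor $Data[$pos + $i] }
        $pos += $n
    }
    if ($len -lt 0 -or $pos + $len -gt $Data.Length) { throw 'Truncated DER value' }
    $value = [byte[]]::new($len); [Array]::Copy($Data, $pos, $value, 0, $len)
    [PSCustomObject]@{ Tag = $tag; Value = $value; Next = $pos + $len }
}

# Decode the raw bytes of the template information extension without calling Format().
function ConvertFrom-TemplateExtension([byte[]]$RawData) {
    $seq = Read-DerTlv $RawData 0
    if ($seq.Tag -ne 0x30) { throw 'Expected SEQUENCE' }
    $oid = Read-DerTlv $seq.Value 0
    if ($oid.Tag -ne 0x06) { throw 'Expected OBJECT IDENTIFIER' }
    # OID arcs are base-128 with a continuation bit; the first value packs two arcs as 40*X + Y.
    $arcs = @(); [long]$acc = 0
    foreach ($b in $oid.Value) {
        $acc = ($acc -shl 7) -bor ($b -band 0x7F)
        if ($b -band 0x80) { continue }          # more bytes belong to this arc
        if ($arcs.Count -eq 0) {
            $x = if ($acc -lt 40) { 0 } elseif ($acc -lt 80) { 1 } else { 2 }
            $arcs += "$x", "$($acc - 40 * $x)"
        } else { $arcs += "$acc" }
        $acc = 0
    }
    # The major and minor version INTEGERs are optional and unsigned.
    $versions = @(); $pos = $oid.Next
    while ($pos -lt $seq.Value.Length) {
        $tlv = Read-DerTlv $seq.Value $pos
        if ($tlv.Tag -eq 0x02) { [long]$v = 0; foreach ($b in $tlv.Value) { $v = ($v -shl 8) -bor $b }; $versions += $v }
        $pos = $tlv.Next
    }
    [PSCustomObject]@{ OID = $arcs -join '.'; MajorVersion = $versions[0]; MinorVersion = $versions[1] }
}

# Constructed sample bytes: SEQUENCE { OID 1.3.6.1.4.1.311.21.8.1.2, INTEGER 100, INTEGER 3 }
$sample = [byte[]](0x30,0x13,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x01,0x02,0x02,0x01,0x64,0x02,0x01,0x03)
ConvertFrom-TemplateExtension $sample
```

For a certificate from a store, pass the `RawData` of the extension whose `Oid.Value` is `1.3.6.1.4.1.311.21.7`, then compare the returned `OID` with the template OID taken from Active Directory, as the last comment suggests.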