new push

Scope.ps1

@@ -0,0 +1,58 @@
+param (
+    [string]$CAName,  # Specify the CA name to search for
+    [switch]$Valid,   # Show only valid certificates
+    [switch]$Invalid  # Show only invalid certificates
+)
+
+if (-not $CAName) {
+    $CAName = "NZGOVTCA*"
+}
+
+# Define certificate stores
+$rootStore = "Cert:\LocalMachine\Root"
+$intermediateStore = "Cert:\LocalMachine\CA"
+
+# Function to check certificate validity
+function Check-CertificateValidity {
+    param ($Cert, $StoreName)
+
+    # Get current date
+    $currentDate = Get-Date
+
+    # Check expiration and validity period
+    $isValid = $currentDate -ge $Cert.NotBefore -and $currentDate -le $Cert.NotAfter
+
+    # Prepare result object
+    [PSCustomObject]@{
+        Store       = $StoreName
+        Subject     = $Cert.Subject
+        Issuer      = $Cert.Issuer
+        Thumbprint  = $Cert.Thumbprint
+        ValidFrom   = $Cert.NotBefore
+        ValidTo     = $Cert.NotAfter
+        Status      = if ($isValid) { "Valid" } else { "Invalid" }
+    }
+}
+
+# Get all root and intermediate certificates issued by the specified CA
+$rootCerts = Get-ChildItem -Path $rootStore | Where-Object { $_.Issuer -like "*$CAName*" }
+$intermediateCerts = Get-ChildItem -Path $intermediateStore | Where-Object { $_.Issuer -like "*$CAName*" }
+
+# Check certificates
+$results = @()
+$results += $rootCerts | ForEach-Object { Check-CertificateValidity -Cert $_ -StoreName "Root CA" }
+$results += $intermediateCerts | ForEach-Object { Check-CertificateValidity -Cert $_ -StoreName "Intermediate CA" }
+
+# Apply filtering based on switches
+if ($Valid) {
+    $results = $results | Where-Object { $_.Status -eq "Valid" }
+} elseif ($Invalid) {
+    $results = $results | Where-Object { $_.Status -eq "Invalid" }
+}
+
+# Output results
+if ($results.Count -eq 0) {
+    Write-Host "No certificates found matching the criteria." -ForegroundColor Red
+} else {
+    $results | Format-Table -AutoSize
+}