diff --git a/CA.ps1 b/CA.ps1
new file mode 100644
index 0000000..5300d2b
--- /dev/null
+++ b/CA.ps1
@@ -0,0 +1,58 @@
+param (
+ [string]$CAName, # Specify the CA name to search for
+ [switch]$Valid, # Show only valid certificates
+ [switch]$Invalid # Show only invalid certificates
+)
+
+if (-not $CAName) {
+ $CAName = "NZGOVTCA*"
+}
+
+# Define certificate stores
+$rootStore = "Cert:\LocalMachine\Root"
+$intermediateStore = "Cert:\LocalMachine\CA"
+
+# Function to check certificate validity
+function Check-CertificateValidity {
+ param ($Cert, $StoreName)
+
+ # Get current date
+ $currentDate = Get-Date
+
+ # Check expiration and validity period
+ $isValid = $currentDate -ge $Cert.NotBefore -and $currentDate -le $Cert.NotAfter
+
+ # Prepare result object
+ [PSCustomObject]@{
+ Store = $StoreName
+ Subject = $Cert.Subject
+ Issuer = $Cert.Issuer
+ Thumbprint = $Cert.Thumbprint
+ ValidFrom = $Cert.NotBefore
+ ValidTo = $Cert.NotAfter
+ Status = if ($isValid) { "Valid" } else { "Invalid" }
+ }
+}
+
+# Get all root and intermediate certificates issued by the specified CA
+$rootCerts = Get-ChildItem -Path $rootStore | Where-Object { $_.Issuer -like "*$CAName*" }
+$intermediateCerts = Get-ChildItem -Path $intermediateStore | Where-Object { $_.Issuer -like "*$CAName*" }
+
+# Check certificates
+$results = @()
+$results += $rootCerts | ForEach-Object { Check-CertificateValidity -Cert $_ -StoreName "Root CA" }
+$results += $intermediateCerts | ForEach-Object { Check-CertificateValidity -Cert $_ -StoreName "Intermediate CA" }
+
+# Apply filtering based on switches
+if ($Valid) {
+ $results = $results | Where-Object { $_.Status -eq "Valid" }
+} elseif ($Invalid) {
+ $results = $results | Where-Object { $_.Status -eq "Invalid" }
+}
+
+# Output results
+if ($results.Count -eq 0) {
+ Write-Host "No certificates found matching the criteria." -ForegroundColor Red
+} else {
+ $results | Format-Table -AutoSize
+}
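Review bot: The `Status` column reports "Valid" purely from the date window computed in `$isValid` inside `Check-CertificateValidity`; a certificate that is revoked, has an untrusted or broken chain, or an unusable key is still shown as "Valid", which is misleading for a script whose output is a CA trust audit. Either rename the field so it says what it checks, e.g. `Status = if ($isValid) { "InDateRange" } else { "Expired/NotYetValid" }`, or add a separate column from the .NET chain check, `ChainOk = $Cert.Verify()`, and keep the comment above it honest: `# Date-window check only; does not cover chain trust or revocation`. The `$_.Issuer -like "*$CAName*"` filters on both store lookups are substring matches against the whole issuer DN, so any certificate whose issuer DN merely contains that text (in any RDN) is included, and with the default `NZGOVTCA*` the effective pattern is `*NZGOVTCA**`; consider matching a specific RDN or documenting in the `$CAName` parameter comment that the value is a wildcard substring of the issuer DN. The script also has no comment-based help block, so `Get-Help .\CA.ps1` gives nothing; a short `.SYNOPSIS`/`.PARAMETER` header describing the two stores searched and the meaning of `-Valid`/`-Invalid` would cover that.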