From e5f3534ecca4425f04f9cf49cd61810792b4bea2 Mon Sep 17 00:00:00 2001
From: Rephl3x
Date: Wed, 24 Sep 2025 00:29:33 +0000
Subject: [PATCH] Add CA.ps1
This will let you find any and all certificates created via particular CA's. Best used when looking for certs issues by old expired CA vs New CA. i.e top level 10 year CA expired - quickly find certs issues by that CA..
---
CA.ps1 | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 CA.ps1
diff --git a/CA.ps1 b/CA.ps1
new file mode 100644
index 0000000..5300d2b
--- /dev/null
+++ b/CA.ps1
@@ -0,0 +1,58 @@
+param (
+ [string]$CAName, # Specify the CA name to search for
+ [switch]$Valid, # Show only valid certificates
+ [switch]$Invalid # Show only invalid certificates
+)
+
+if (-not $CAName) {
+ $CAName = "NZGOVTCA*"
+}
+
+# Define certificate stores
+$rootStore = "Cert:\LocalMachine\Root"
+$intermediateStore = "Cert:\LocalMachine\CA"
+
+# Function to check certificate validity
+function Check-CertificateValidity {
+ param ($Cert, $StoreName)
+
+ # Get current date
+ $currentDate = Get-Date
+
+ # Check expiration and validity period
+ $isValid = $currentDate -ge $Cert.NotBefore -and $currentDate -le $Cert.NotAfter
+
+ # Prepare result object
+ [PSCustomObject]@{
+ Store = $StoreName
+ Subject = $Cert.Subject
+ Issuer = $Cert.Issuer
+ Thumbprint = $Cert.Thumbprint
+ ValidFrom = $Cert.NotBefore
+ ValidTo = $Cert.NotAfter
+ Status = if ($isValid) { "Valid" } else { "Invalid" }
+ }
+}
+
+# Get all root and intermediate certificates issued by the specified CA
+$rootCerts = Get-ChildItem -Path $rootStore | Where-Object { $_.Issuer -like "*$CAName*" }
+$intermediateCerts = Get-ChildItem -Path $intermediateStore | Where-Object { $_.Issuer -like "*$CAName*" }
+
+# Check certificates
+$results = @()
+$results += $rootCerts | ForEach-Object { Check-CertificateValidity -Cert $_ -StoreName "Root CA" }
+$results += $intermediateCerts | ForEach-Object { Check-CertificateValidity -Cert $_ -StoreName "Intermediate CA" }
+
+# Apply filtering based on switches
+if ($Valid) {
+ $results = $results | Where-Object { $_.Status -eq "Valid" }
+} elseif ($Invalid) {
+ $results = $results | Where-Object { $_.Status -eq "Invalid" }
+}
+
+# Output results
+if ($results.Count -eq 0) {
+ Write-Host "No certificates found matching the criteria." -ForegroundColor Red
+} else {
+ $results | Format-Table -AutoSize
+}
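Review bot: The `Status` field built in `Check-CertificateValidity` reports only whether today falls inside the certificate's own NotBefore/NotAfter window, so a certificate that chains to an expired issuing CA — the exact case the commit message describes — is still listed as "Valid"; renaming the field to something like `InDateRange`, or adding a real chain check to the result object such as `ChainValid = $Cert.Verify()`, would make the output match the stated purpose. The script also enumerates only `Cert:\LocalMachine\Root` and `Cert:\LocalMachine\CA`, so end-entity certificates issued by the CA (normally in `Cert:\LocalMachine\My`) are never found, which looks narrower than the "any and all certificates" the description promises. The fallback `$CAName = "NZGOVTCA*"` is organisation-specific and is then wrapped again as `"*$CAName*"`, doubling the wildcard; declaring the parameter `[Parameter(Mandatory)]` would avoid silently searching for an unrelated CA when no name is given. As a style point, `Check` is not an approved PowerShell verb, so `Test-CertificateValidity` would keep PSScriptAnalyzer quiet.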