<#
.SYNOPSIS
Lists certificates from the local-machine Root and CA stores whose Issuer
matches a CA name pattern, with a date-based Valid/Invalid status.

.PARAMETER CAName
Name pattern compared against each certificate's Issuer with -like, so
wildcard characters in the value are interpreted as wildcards.
Falls back to "NZGOVTCA*" when omitted or empty.

.PARAMETER Valid
Show only certificates whose status is "Valid".

.PARAMETER Invalid
Show only certificates whose status is "Invalid".
#>
param (
    # CA name (wildcard pattern) to search for in the Issuer field
    [string]$CAName,

    # Restrict the output to valid certificates
    [switch]$Valid,

    # Restrict the output to invalid certificates
    [switch]$Invalid
)

# No CA name supplied (or an empty one): use the default issuer pattern.
if ([string]::IsNullOrEmpty($CAName)) {
    $CAName = "NZGOVTCA*"
}
# Certificate stores to inspect. Both paths are under LocalMachine, so
# per-user (CurrentUser) stores are not covered by this script.
# "Root" holds trusted root CA certificates.
$rootStore = 'Cert:\LocalMachine\Root'
# "CA" holds intermediate CA certificates.
$intermediateStore = 'Cert:\LocalMachine\CA'
# Builds one report row for a certificate and labels it "Valid" or "Invalid".
#
# Parameters:
#   $Cert      - object exposing Subject, Issuer, Thumbprint, NotBefore and
#                NotAfter (presumably an X509Certificate2 from the Cert: drive;
#                confirm against the caller).
#   $StoreName - label copied into the row's Store column.
#
# Returns: a PSCustomObject with Store, Subject, Issuer, Thumbprint,
#          ValidFrom, ValidTo and Status.
#
# "Valid" here means only that the current time lies inside the
# NotBefore..NotAfter window (both ends inclusive). Revocation, chain
# building, signature and trust are not evaluated, so a "Valid" row is not
# evidence that the certificate should be trusted.
function Check-CertificateValidity {
    param ($Cert, $StoreName)

    # Reference time for the validity-window comparison
    $now = Get-Date

    # Outside the window means either not yet active or already expired
    $notYetActive = $now -lt $Cert.NotBefore
    $alreadyExpired = $now -gt $Cert.NotAfter
    $statusText = if ($notYetActive -or $alreadyExpired) { "Invalid" } else { "Valid" }

    # Emit the report row
    [PSCustomObject]@{
        Store      = $StoreName
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        Thumbprint = $Cert.Thumbprint
        ValidFrom  = $Cert.NotBefore
        ValidTo    = $Cert.NotAfter
        Status     = $statusText
    }
}
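# Collect certificates from both stores whose Issuer matches the CA name.
# The match is a name-only wildcard comparison on the Issuer string; a matching
# name does not prove the certificate is the genuine CA certificate. Compare
# the reported Thumbprint with the value published by the CA before relying on it.
$rootCerts = Get-ChildItem -Path $rootStore | Where-Object { $_.Issuer -like "*$CAName*" }
$intermediateCerts = Get-ChildItem -Path $intermediateStore | Where-Object { $_.Issuer -like "*$CAName*" }

# Build the report rows. @() keeps $results an array even when there are zero
# or one rows, so the Count check below does not depend on how PowerShell
# treats .Count on $null or on a single object.
$results = @(
    $rootCerts | ForEach-Object { Check-CertificateValidity -Cert $_ -StoreName "Root CA" }
    $intermediateCerts | ForEach-Object { Check-CertificateValidity -Cert $_ -StoreName "Intermediate CA" }
)

# Apply filtering based on switches. -Valid takes precedence when both are
# given (unchanged behaviour); the warning makes that choice visible instead
# of silently ignoring -Invalid.
if ($Valid -and $Invalid) {
    Write-Warning "Both -Valid and -Invalid were specified; showing only valid certificates."
}

if ($Valid) {
    $results = @($results | Where-Object { $_.Status -eq "Valid" })
} elseif ($Invalid) {
    $results = @($results | Where-Object { $_.Status -eq "Invalid" })
}

# Output results.
# NOTE(review): with long Subject/Issuer names the table may not fit the
# console width and columns can be cut off; consider Format-List or Export-Csv
# when the full thumbprints are needed for comparison.
if ($results.Count -eq 0) {
    Write-Host "No certificates found matching the criteria." -ForegroundColor Red
} else {
    $results | Format-Table -AutoSize
}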