Showing posts with label SSL certificates. Show all posts

01 June 2025

Get certificate used in web request via PowerShell

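Get information about the SSL certificate presented when accessing www.example.com/subfolder. The host passed to FindServicePoint must match the host that was requested, otherwise the returned service point has no certificate:

# Relies on ServicePointManager, so run it in Windows PowerShell 5.1;
# PowerShell 7 does not populate ServicePoint.Certificate for Invoke-WebRequest.
$TheResponse = Invoke-WebRequest https://www.example.com/subfolder/ -UseBasicParsing -TimeoutSec 3 -ErrorAction Stop
# Look up the connection that was just used (same scheme and host as the request)
$servicePoint = [System.Net.ServicePointManager]::FindServicePoint('https://www.example.com')
$servicePoint.Certificate | Format-Table -Wrap -AutoSize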

Then display the certificate hash:

$servicePoint.Certificate.GetCertHashString()

Display the certificate expiration date:

$servicePoint.Certificate.GetExpirationDateString()

Create self-signed SSL certificate

Create a certificate for names "MYSERVER1.mycompany.local" and "MYSERVER1" valid for 10 years:

New-SelfSignedCertificate -DnsName MYSERVER1.mycompany.local, MYSERVER1 -CertStoreLocation cert:\LocalMachine\My -NotBefore (Get-Date).AddMonths(-1) -NotAfter (Get-Date).AddYears(10)

18 August 2024

Fix AD Certificate Authority ignoring SAN attribute

When requesting a new AD CA certificate via web enrolment, if the CA is ignoring the SAN attribute in the Attributes field, run this command on the CA:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Then restart the CA service:

net stop certsvc
net start certsvc

Credit to Terence Luk.

An example of the value to use in the Attributes field to have SANs "MYSERVER" and "MYSERVER.mydomain.com" is:

san:dns=MYSERVER&dns=MYSERVER.mydomain.com
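
A read-back check for the flag set above, as an added example that is not part of the original post: EDITF_ATTRIBUTESUBJECTALTNAME2 is a CA-wide setting, so once it is on the CA honours SANs supplied in the Attributes field of any request it processes, and this script reports whether the bit is set. The function names and the sample EditFlags values are assumptions constructed for illustration, and the registry path assumes the default CertSvc layout.

```powershell
# Added example (not from the original post). Run on the CA server.
# EDITF_ATTRIBUTESUBJECTALTNAME2 is bit 0x00040000 of the policy module's EditFlags value.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Test-SanAttributeFlag {
    # Hypothetical helper: true when the SAN-attribute bit is set in an EditFlags DWORD.
    param([Parameter(Mandatory)][int]$EditFlags)
    ($EditFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0
}

function Get-CaSanAttributeFlag {
    # Hypothetical helper: reports the flag for every CA configured on this machine.
    # Assumes the default CertSvc registry layout.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    if (-not (Test-Path $base)) {
        Write-Warning 'No CertSvc configuration found; is this a CA?'
        return
    }
    foreach ($ca in Get-ChildItem -Path $base) {
        $modules = Join-Path $ca.PSPath 'PolicyModules'
        # "Active" names the policy module in use; fall back to the Microsoft default.
        $active = (Get-ItemProperty -Path $modules -Name Active -ErrorAction SilentlyContinue).Active
        if (-not $active) { $active = 'CertificateAuthority_MicrosoftDefault.Policy' }
        $flags = (Get-ItemProperty -Path (Join-Path $modules $active) -Name EditFlags -ErrorAction SilentlyContinue).EditFlags
        if ($null -eq $flags) { continue }
        [pscustomobject]@{
            CA                  = $ca.PSChildName
            EditFlags           = '0x{0:X8}' -f $flags
            SanAttributeEnabled = Test-SanAttributeFlag -EditFlags $flags
        }
    }
}

# Constructed sample values (not read from a real CA): the same flags without and with the bit.
foreach ($sample in 0x0011014E, 0x0015014E) {
    '{0} -> SAN attribute honoured: {1}' -f ('0x{0:X8}' -f $sample), (Test-SanAttributeFlag -EditFlags $sample)
}

# On a CA, list the live setting:
Get-CaSanAttributeFlag | Format-Table -AutoSize
```

certutil -getreg policy\EditFlags shows the same value decoded, and certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 followed by a restart of certsvc clears the flag once the certificate has been issued.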

18 February 2023

Import SSL certificate PFX using PowerShell

Import-PFXCertificate -CertStoreLocation Cert:\LocalMachine\My -FilePath 'C:\temp\myfile.pfx' -Password (ConvertTo-SecureString -String '(thepassword)' -AsPlainText -Force)

04 December 2021

Check SSL certificate chain with OpenSSL

This OpenSSL command may help with troubleshooting certificate or certificate chain issues:

openssl s_client -showcerts -connect example.com:443

03 April 2021

Sign RDP file manually

Use the thumbprint of the installed SSL certificate to sign an RDP file:

rdpsign /sha256 abcdef0123456789abcdef0123456789abcdef01 C:\temp\server.rdp

Delete SSL certificate

Remove an SSL certificate from the machine's Personal store:

certutil -delstore MY "abcdef01234567890abcdef012345678"