I'm on a mission to list the self-signed certificates ('issued by' and 'issued to' match) on my machine via an automated method. PowerShell is available for use. Preferably the results would be exported to a nice human-readable file.
-
Only way I know how to do it would be through [MSDN](https://msdn.microsoft.com/en-us/library/windows/desktop/aa382363(v=vs.85).aspx). But maybe check out this link on [browsing certificates with PowerShell](https://blogs.technet.microsoft.com/scotts-it-blog/2014/12/30/working-with-certificates-in-powershell/) – RoraΖ May 05 '16 at 12:54
-
If relevant, note the roots in the Windows store on [your] machine are **not the only ones that will be *trusted*** by most software on your Windows system, e.g. IE/Edge, Chrome and dotNET, but not Firefox and Java. – dave_thompson_085 May 06 '16 at 00:38
-
What RoraZ and Dave said. Also: the Windows cert stores are really more of a CACHE than an actual store proper. Windows trusts about 300 roots out of the box. And the local store/cache is updated via the Internet ON-DEMAND if you ever encounter one of them. See [1](http://security.stackexchange.com/questions/46332/browsers-silently-adding-trusted-root-certificates-in-windows), [2](http://security.stackexchange.com/questions/108951/how-much-of-a-problem-is-it-that-windows-hides-some-of-the-trusted-root-ca-cer). – StackzOfZtuff May 06 '16 at 05:21
1 Answer
Try “cert:” PsDrive
This here will be human readable. And (thanks to the semicolon as the delimiter) it will also open nicely in Excel:
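```powershell
# Walk every store location and store exposed by the cert: PSDrive
dir cert: -Recurse |
# Drop the location and store containers, which have no subject
where {$_.subject -ne $null} |
# Keep certificates whose subject string equals their issuer string
where {$_.subject -eq $_.issuer} |
Export-Csv -NoTypeInformation -Encoding UTF8 -delimiter ';' -path selfsignedcerts.csv
```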
StackzOfZtuff
-
@Loren: open a dedicated question for that and then give the link. – StackzOfZtuff Jul 05 '18 at 06:03
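A variation on the answer's pipeline, as an added example that is not part of the original answer: it goes beyond the string comparison by comparing the DER-encoded subject and issuer names, collapses copies of the same certificate found in several stores into one row, and exports only a few readable columns. The function name `Get-SelfIssuedCertificate`, the column names and the output file name are assumptions made for this example.

```powershell
# Added example, not the answer's own code. Function name, columns and output path are assumptions.
function Get-SelfIssuedCertificate {
    [CmdletBinding()]
    param()

    Get-ChildItem -Path Cert:\ -Recurse |
        # The recursion also returns store locations and stores; keep certificates only.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Where-Object {
            # Compare the encoded names rather than their formatted strings.
            # Equal names mean "self-issued"; the signature itself is not verified here.
            $subjectDer = [BitConverter]::ToString($_.SubjectName.RawData)
            $issuerDer  = [BitConverter]::ToString($_.IssuerName.RawData)
            $subjectDer -eq $issuerDer
        } |
        # The same certificate often sits in several stores; report it once.
        Group-Object -Property Thumbprint |
        ForEach-Object {
            $copies = $_.Group
            $cert   = $copies[0]
            $stores = $copies |
                ForEach-Object { ($_.PSParentPath -split '::')[-1] } |
                Sort-Object -Unique
            [PSCustomObject]@{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotBefore     = $cert.NotBefore
                NotAfter      = $cert.NotAfter
                Expired       = $cert.NotAfter -lt (Get-Date)
                # True if any copy has an associated private key on this machine.
                HasPrivateKey = @($copies | Where-Object { $_.HasPrivateKey }).Count -gt 0
                Stores        = $stores -join ', '
            }
        }
}

# Same CSV settings as the answer (semicolon delimiter opens cleanly in Excel).
Get-SelfIssuedCertificate |
    Sort-Object -Property Stores, Subject |
    Export-Csv -NoTypeInformation -Encoding UTF8 -Delimiter ';' -Path selfsignedcerts-summary.csv
```

Rows whose `Stores` column lists something other than a `Root` store, or where `HasPrivateKey` is true, are the ones usually worth a closer look.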