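I'm trying to look at the Windows certificates on my machine, but the UI of certmgr and MMC is terrible. Specifically, I want a quick way to view and compare thumbprints and friendly names. Does anyone know a better tool for this?
It doesn't have to be a GUI; if a console command works better, I'm fine with that too.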
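Answer 1
You can open a PowerShell console and use the dir command on the Cert: provider to list the information you need. For example, the following commands list the thumbprint and subject (friendly name) of the current user's certificates and the machine's certificates, respectively:

    dir Cert:\CurrentUser\My
    ls Cert:\LocalMachine\My\

You can run the following command to get more information on how to work with certificates using the certificate provider in PowerShell.

    help certificate

Or you can read more online here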
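
An added example (not part of the original answer) that builds on the Cert: provider listing above to put thumbprints and friendly names side by side and flag duplicates across stores. It assumes PowerShell 3.0 or later, and the store list is an arbitrary choice to adjust.

```powershell
# Added example: inventory several stores and compare thumbprints / friendly names.
# The store list below is an assumption; change it to the stores you want to audit.
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root'

$inventory = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Thumbprint    = $_.Thumbprint
                FriendlyName  = $_.FriendlyName
                Subject       = $_.Subject
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

# Side-by-side view, sorted so identical thumbprints end up adjacent
$inventory | Sort-Object Thumbprint, Store |
    Format-Table Thumbprint, FriendlyName, Store, NotAfter, HasPrivateKey -AutoSize

# The same certificate (same thumbprint) installed in more than one store
$inventory | Group-Object Thumbprint | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group } |
    Format-Table Thumbprint, Store, FriendlyName -AutoSize

# Different certificates that share one friendly name (easy to mix up in the MMC UI)
$inventory | Where-Object { $_.FriendlyName } | Group-Object FriendlyName |
    Where-Object { @($_.Group.Thumbprint | Select-Object -Unique).Count -gt 1 } |
    ForEach-Object { $_.Group } |
    Format-Table FriendlyName, Thumbprint, Subject -AutoSize
```

Reading LocalMachine stores works from a normal prompt; only access to private keys needs elevation.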
Answer 2
You can use a VBS script like this:

    Dim store
    Set store = CreateObject("CAPICOM.Store")

    WScript.Echo "Dumping local Root CAs:"
    store.Open , "Root", 0 ' or "My" or "CA"
    For Each cert In store.CERTIFICATES
        WScript.Echo cert.SubjectName
        'WScript.Echo cert.SerialNumber
        WScript.Echo cert.Thumbprint
        WScript.Echo "---------------------------------------"
    Next
    WScript.Echo "============================================================================="

    WScript.Echo "Dumping Personal CAs:"
    store.Open , "CA", 0
    For Each cert In store.CERTIFICATES
        WScript.Echo cert.SubjectName
        'WScript.Echo cert.SerialNumber
        WScript.Echo cert.Thumbprint
        WScript.Echo "---------------------------------------"
    Next
    WScript.Echo "============================================================================="

    WScript.Echo "Dumping Personal certificates:"
    store.Open , "My", 0
    For Each cert In store.CERTIFICATES
        WScript.Echo cert.SubjectName
        'WScript.Echo cert.SerialNumber
        WScript.Echo cert.Thumbprint
        WScript.Echo "---------------------------------------"
    Next

Copy the code into a file named dumpcerts.vbs and run it:

    cscript dumpcerts.vbs

答案3
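I created a PowerShell script that makes it very easy to find certificates by thumbprint, subject name, or serial number.
By default it searches the "CurrentUser" and "LocalMachine" certificate stores and does a case-insensitive loose match on thumbprint, subject name, and serial number. You can also add -PrivateKey to list only certificates that have a private key, and -expiration to list certificates by expiration date. Except when the -expiration flag is used, it returns a list of actual .NET X509Certificate objects that you can operate on.
Usage examples:

    Get-Cert a909
    Get-Cert contoso -PrivateKey

It also adds two aliases: lscert, dircert
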
    function Get-Cert {
        param (
            [string]$filter,
            [string]$thumbprint,
            [string]$subject,
            [string]$altName,
            [string]$serialNumber,
            [switch]$expiration,
            [switch]$privateKey,
            [string[]]$certDirectoryOverride,
            [string[]]$localFolders
        )

        $certDirectories = "cert:\CurrentUser\My", "cert:\LocalMachine\My"

        # Set the cert store to list from
        $certStores = $certDirectories
        if ($certDirectoryOverride -ne $null) {
            $certStores = $certDirectoryOverride
        }

        $items = @()

        # get all certs from the stores
        foreach ($store in $certStores) {
            $items += ls $store
        }

        # optionally load *.cer files found (recursively) under local folders
        if ($localFolders) {
            foreach ($folder in $localFolders) {
                $localCertPaths = ls -path $folder -i *cer -rec
                foreach ($certPath in $localCertPaths) {
                    $fullName = $certPath.FullName
                    $directoryName = $certPath.DirectoryName
                    $fileName = $certPath.Name
                    # pass the full path string, not the FileInfo object
                    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($fullName)
                    add-member -InputObject $cert -MemberType NoteProperty -Name PSParentPath -Value $directoryName -ErrorAction SilentlyContinue
                    add-member -InputObject $cert -MemberType NoteProperty -Name Path -Value $fullName
                    add-member -InputObject $cert -MemberType NoteProperty -Name FileName -Value $fileName
                    $items += $cert;
                }
            }
        }

        # add handy expiration property
        $items | %{
            # NotAfter is already a [DateTime], so no culture-dependent string parsing is needed
            add-member -InputObject $_ -MemberType ScriptProperty -Name Expiration -Value {$this.NotAfter} -ErrorAction SilentlyContinue
            add-member -InputObject $_ -MemberType AliasProperty -Name Path -Value PSPath -ErrorAction SilentlyContinue
            add-member -InputObject $_ -MemberType AliasProperty -Name FileName -Value PSPath -ErrorAction SilentlyContinue
            add-member -InputObject $_ -MemberType ScriptProperty -Name SubjectAlternateNames -ErrorAction SilentlyContinue -Value {
                $san = $this.Extensions | Where-Object {$_.Oid.FriendlyName -eq "subject alternative name"}
                # certificates without a SAN extension return nothing
                if ($san) {
                    return $san.Format(1).Replace("`r`n",", ").Replace("DNS Name=","")
                }
            }
            add-member -InputObject $_ -MemberType AliasProperty -Name AlternateNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
            add-member -InputObject $_ -MemberType AliasProperty -Name AlternativeNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
            add-member -InputObject $_ -MemberType AliasProperty -Name SubjectAlternativeNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
            add-member -InputObject $_ -MemberType AliasProperty -Name SubjectAltNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
            add-member -InputObject $_ -MemberType AliasProperty -Name AltNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
        }

        # filter all the certs
        # ([string] parameters default to '' rather than $null, so test for a non-empty value)
        if ($filter) {
            $items = $items | where-object {
                ($_.Thumbprint -match $filter) -or
                ($_.Subject -match $filter) -or
                ($_.SerialNumber -match $filter) -or
                ($_.SubjectAlternateNames -match $filter)
            }
        }
        if ($thumbprint) {
            $items = $items | where {$_.Thumbprint -match $thumbprint}
        }
        if ($subject) {
            $items = $items | where {$_.Subject -match $subject}
        }
        if ($altName) {
            $items = $items | where {$_.SubjectAlternateNames -match $altName}
        }
        if ($serialNumber) {
            $items = $items | where {$_.SerialNumber -match $serialNumber}
        }
        if ($privateKey) {
            # HasPrivateKey only checks for an associated key; it does not try to open it
            $items = $items | where {$_.HasPrivateKey}
        }

        if ($expiration) {
            return $items | sort expiration | ft expiration, thumbprint, subject
        }
        return $items
    }

    new-alias lscert Get-Cert -ErrorAction SilentlyContinue
    new-alias dircert Get-Cert -ErrorAction SilentlyContinue