Is there a better way to view Windows certificates than MMC?

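I'm trying to view the Windows certificates on my machine, but the certmgr and MMC UIs are terrible. Specifically, I want a quick way to view and compare thumbprints and friendly names. Does anyone know of a better tool for this?

It doesn't have to be a GUI; if console commands work better, I'm fine with that too.

Answer 1

You can open a PowerShell console and use the dir command on the Cert: provider to list the information you need. For example, the following commands list the thumbprint and subject (friendly name) of the current user's certificates and the machine's certificates, respectively: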

dir Cert:\CurrentUser\My
ls Cert:\LocalMachine\My\

You can run the following command for more information on working with certificates through the certificate provider in PowerShell.

help certificate

Or you can read more online here
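
To compare thumbprints and friendly names side by side, as the question asks, the Cert: provider output can be reshaped into one table. This is an added example, not part of the original answer; the list of stores and the chosen columns are assumptions to adjust as needed.

```powershell
# Added example: tabulate thumbprint, friendly name and subject across stores
# so entries can be compared side by side. The store list is an assumption.
$stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root'

$certs = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        # keep certificate objects only (skip any container items)
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            [pscustomobject]@{
                Store        = $store
                Thumbprint   = $_.Thumbprint
                FriendlyName = $_.FriendlyName   # not shown by a plain "dir"
                Subject      = $_.Subject
                NotAfter     = $_.NotAfter
                HasKey       = $_.HasPrivateKey
            }
        }
}

# One row per certificate; sorting by thumbprint puts identical
# certificates from different stores on adjacent rows.
$certs | Sort-Object Thumbprint, Store |
    Format-Table Thumbprint, FriendlyName, Store, NotAfter, HasKey -AutoSize

# Thumbprints that appear in more than one of the listed stores.
$certs | Group-Object Thumbprint | Where-Object Count -gt 1 |
    ForEach-Object {
        [pscustomobject]@{
            Thumbprint = $_.Name
            Stores     = ($_.Group.Store -join ', ')
            Subject    = $_.Group[0].Subject
        }
    } | Format-List
```

Reading Cert:\LocalMachine stores works from a normal session; piping `$certs` to `Export-Csv` instead of `Format-Table` gives a file that can be diffed between machines.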

Answer 2

You can use a VBS script like the following:

Dim store 
Set store = CreateObject("CAPICOM.Store")

WScript.Echo "Dumping local Root CAs:"
store.Open , "Root", 0  ' or "My" or "CA"
For Each cert In store.CERTIFICATES
     WScript.Echo cert.SubjectName
     'WScript.Echo cert.SerialNumber  
     WScript.Echo cert.Thumbprint   
     WScript.Echo "---------------------------------------"         
Next
WScript.Echo "============================================================================="

WScript.Echo "Dumping Personal CAs:"
store.Open , "CA", 0  
For Each cert In store.CERTIFICATES
     WScript.Echo cert.SubjectName
     'WScript.Echo cert.SerialNumber  
     WScript.Echo cert.Thumbprint   
     WScript.Echo "---------------------------------------"         
Next
WScript.Echo "============================================================================="

WScript.Echo "Dumping Personal certificates:"
store.Open , "My", 0 
For Each cert In store.CERTIFICATES
     WScript.Echo cert.SubjectName
     'WScript.Echo cert.SerialNumber  
     WScript.Echo cert.Thumbprint   
     WScript.Echo "---------------------------------------"         
Next

Copy the code into a file named dumpcerts.vbs and run it:

cscript dumpcerts.vbs

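Answer 3

I created a PowerShell script that makes it very easy to find certificates by thumbprint, subject name or serial number.

By default it searches both the "CurrentUser" and "LocalMachine" certificate stores and does a case-insensitive loose match on thumbprint, subject name and serial number. You can also add -PrivateKey to list only certificates that have a private key, and -expiration to list certificates by expiration date. Except when the -expiration flag is used, it returns a list of actual .NET X509Certificate objects that you can work with.

Usage examples:

Get-Cert a909

Get-Cert contoso -PrivateKey

It also adds two aliases: lscert, dircert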

function Get-Cert {
  param (
    [string]$filter,
    [string]$thumbprint,
    [string]$subject,
    [string]$altName,
    [string]$serialNumber,
    [switch]$expiration,
    [switch]$privateKey,
    [string[]]$certDirectoryOverride,
    [string[]]$localFolders
    )
  $certDirectories  = "cert:\CurrentUser\My", "cert:\LocalMachine\My"

  # Set the cert store to list from
  $certStores = $certDirectories
  if ($certDirectoryOverride -ne $null) {
    $certStores = $certDirectoryOverride
  }

  $items = @()
  # get all certs from the stores
  foreach ($store in $certStores) {
    $items += ls $store
  }

  if ($localFolders) {
    foreach ($folder in $localFolders) {
      $localCertPaths = ls -path $folder -i *cer -rec
      foreach ($certPath in $localCertPaths) {
        $fullName = $certPath.FullName
        $directoryName = $certPath.DirectoryName
        # file name without the directory, used for the FileName property below
        $fileName = $certPath.Name
        # load the certificate from its full path
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($fullName)
        add-member -InputObject $cert -MemberType NoteProperty -Name PSParentPath -Value $directoryName -ErrorAction SilentlyContinue
        add-member -InputObject $cert -MemberType NoteProperty -Name Path -Value $fullName
        add-member -InputObject $cert -MemberType NoteProperty -Name FileName -Value $fileName

        $items += $cert;
      }
    }
  }

  # add handy expiration property
  $items | %{
    add-member -InputObject $_ -MemberType ScriptProperty -Name Expiration -Value {[DateTime]$this.GetExpirationDateString()} -ErrorAction SilentlyContinue
    add-member -InputObject $_ -MemberType AliasProperty -Name Path -Value PSPath -ErrorAction SilentlyContinue
    add-member -InputObject $_ -MemberType AliasProperty -Name FileName -Value PSPath -ErrorAction SilentlyContinue

    add-member -InputObject $_ -MemberType ScriptProperty -Name SubjectAlternateNames -ErrorAction SilentlyContinue -Value {
      return ($this.Extensions | Where-Object {$_.Oid.FriendlyName -eq "subject alternative name"}).Format(1).Replace("`r`n",", ").Replace("DNS Name=","")
    }
    add-member -InputObject $_ -MemberType AliasProperty -Name AlternateNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
    add-member -InputObject $_ -MemberType AliasProperty -Name AlternativeNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
    add-member -InputObject $_ -MemberType AliasProperty -Name SubjectAlternativeNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
    add-member -InputObject $_ -MemberType AliasProperty -Name SubjectAltNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
    add-member -InputObject $_ -MemberType AliasProperty -Name AltNames -Value SubjectAlternateNames -ErrorAction SilentlyContinue
  }

  # filter all the certs
  if ($filter -ne $null) {
    $items = $items | where-object {
      ($_.Thumbprint -match $filter) -or
      ($_.Subject -match $filter) -or
      ($_.SerialNumber -match $filter) -or
      ($_.SubjectAlternateNames -match $filter)
      }
  }
  if ($thumbprint -ne $null) {
    $items = $items | where {$_.Thumbprint -match $thumbprint}
  }
  if ($subject -ne $null) {
    $items = $items | where {$_.Subject -match $subject}
  }
  if ($altName -ne $null) {
    $items = $items | where {$_.SubjectAlternateNames -match $altName}
  }
  if ($serialNumber -ne $null) {
    $items = $items | where {$_.SerialNumber -match $serialNumber}
  }
  if ($privateKey) {
    $items = $items | where {$_.PrivateKey -ne $null}
  }

  if ($expiration) {
    return $items | sort expiration | ft expiration, thumbprint, subject
  }

  return $items
}

new-alias lscert Get-Cert -ErrorAction SilentlyContinue
new-alias dircert Get-Cert -ErrorAction SilentlyContinue
