This is a follow-up to my previous post on checking Server Certificate detail with OpenSSL. Note that this example lacks error checking – that is left as an exercise for the reader. This is based on the “Parallel Universe” blog post “Reading a Certificate off a remote SSL Server for Troubleshooting with Powershell!” – many thanks to John McCabe for sharing.
Here we use System.Net.Sockets.TcpClient with System.Net.Security.SslStream to open a secure session using the AuthenticateAsClient method. We then use System.Security.Cryptography.X509Certificates.X509Certificate2 to read more detail from the server certificate (RemoteCertificate property of SslStream). Getting “Subject Alternative Name” from Extensions property where we filter out the matching Oid FriendlyName – similar to example: Display Subject Alternative Names of a Certificate with PowerShell (Craig Landis, TechNet Wiki). Common ports to test include 443 (https) and 3389 (rdp).
For more detail and a discussion of potential error handling please see the original post linked above from Mr McCabe. Enjoy!