View Server Certificate with PowerShell

This is a follow-up to my previous post on checking Server Certificate detail with OpenSSL. Note that this example lacks error checking – that is left as an exercise for the reader. This is based on the “Parallel Universe” blog post “Reading a Certificate off a remote SSL Server for Troubleshooting with Powershell!” – many thanks to John McCabe for sharing.

Here we use System.Net.Sockets.TcpClient with System.Net.Security.SslStream to open a secure session using the AuthenticateAsClient method. We then use System.Security.Cryptography.X509Certificates.X509Certificate2 to read more detail from the server certificate (the RemoteCertificate property of SslStream). The “Subject Alternative Name” comes from the Extensions property, where we select the extension whose Oid FriendlyName matches – similar to the example “Display Subject Alternative Names of a Certificate with PowerShell” (Craig Landis, TechNet Wiki). Common ports to test include 443 (https) and 3389 (rdp).
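The steps above as an added example; this is not the code from the original post or from Mr McCabe's. The function name Get-RemoteCertificate, its parameters, the accept-all validation callback and the match on OID value 2.5.29.17 (instead of the FriendlyName) are assumptions made here.

```powershell
# Added example: function name and parameters are assumptions, not from the original post.
function Get-RemoteCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [int] $Port = 443
    )
    $script:sslPolicyErrors = $null
    # Accept whatever the server presents so expired, self-signed or mismatched
    # certificates can still be inspected; the validation result is recorded, not
    # enforced. Use this for troubleshooting only, never on a stream carrying data.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $errors)
        $script:sslPolicyErrors = $errors
        return $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ComputerName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            # $ComputerName is the target host name the certificate is checked against.
            $ssl.AuthenticateAsClient($ComputerName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            # 2.5.29.17 is the OID behind the "Subject Alternative Name" friendly name;
            # matching on the value avoids depending on the localized display string.
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            [pscustomobject]@{
                Subject        = $cert.Subject
                Issuer         = $cert.Issuer
                NotBefore      = $cert.NotBefore
                NotAfter       = $cert.NotAfter
                Thumbprint     = $cert.Thumbprint
                SubjectAltName = if ($san) { $san.Format($false) } else { $null }
                Protocol       = $ssl.SslProtocol
                PolicyErrors   = $script:sslPolicyErrors
            }
        } finally {
            $ssl.Dispose()
        }
    } finally {
        $tcp.Close()
    }
}

# Usage (placeholder host name):
#   Get-RemoteCertificate -ComputerName 'server.example.com' -Port 443
```

A PolicyErrors value other than None means normal validation would have rejected this certificate for the name you connected with, which is usually the detail you are troubleshooting.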

For more detail and a discussion of potential error handling please see the original post linked above from Mr McCabe. Enjoy!

About notesbytom

Keeping technology notes on to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).