You can use PowerShell to manage your local certificate store.
The default PowerShell Get-ChildItem cmdlet allows for accessing the local certificate store. But you must start your PowerShell shell session as an administrator, as access might be restricted by GPO settings.
List all certificate folder on the local machine
Get-ChildItem -Path Cert:\LocalMachine\Name : TrustedPublisherName : ClientAuthIssuerName : Remote DesktopName : RootName : TrustedDevicesName : SPCName : CAName : REQUESTName : AuthRootName : WebHostingName : TrustedPeopleName : MyName : SmartCardRootName : TrustName : Disallowed
List all available certificates for the computer
Get-ChildItem -Path Cert:\LocalMachine\My Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My Thumbprint Subject ---------- -------EC225A0183DC64D864C8BEA1477822858FCEC767 CN=WMSvc-EXSRV02 E2BC29B1445FD267E5A2823591A5221D67D0D94F CN=Microsoft Exchange Server Auth Certificate D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF CN=EXSRV02 60246A87C12BEB365E7B4044C926587590A3D7B6 CN=mobile.mcmemail.de, O=mcmemail, C=DE 5F103D6C61BF57D86DB4AAA05597B0D1E8155884 CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro.
Retrieve certificate details
The example shows a self-signed certificate of a Trend Micro ScanMail for Exchange setup.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\5F103D6C61BF57D86DB4AAA05597B0D1E8155884 $cert | fl Subject : CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro ScanMail for Microsoft Exchange Issuer : CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro ScanMail for Microsoft Exchange Thumbprint : 5F103D6C61BF57D86DB4AAA05597B0D1E8155884 FriendlyName : NotBefore : 17.11.2014 00:00:00 NotAfter : 16.11.2017 00:00:00 Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
A certificate issued by an Enterprise CA looks like this
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\60246A87C12BEB365E7B4044C926587590A3D7B6 $cert | fl Subject : CN=mobile.mcmemail.de, O=mcmemail, C=DE Issuer : CN=mcmemail-DC01-CA, DC=mcmemail, DC=de Thumbprint : 60246A87C12BEB365E7B4044C926587590A3D7B6 FriendlyName : mcmemail Exchange Server 2013 Certificate NotBefore : 28.08.2014 15:14:04 NotAfter : 28.08.2015 15:24:04 Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
Export a single certificate
$cert | Export-Certificate -FilePath C:tmpcert1.p7b -Type p7b Directory: C:tmp Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 23.12.2014 11:56 1380 cert1.p7b
Export multiple certificates as serialized certificates
$certarray = @() $certarray += $cert $cert = Get-ChildItem -Path Cert:\LocalMachine\My\D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF $certarray += $cert $certarray Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My Thumbprint Subject ---------- ------- 60246A87C12BEB365E7B4044C926587590A3D7B6 CN=mobile.mcmemail.de, O=mcmemail, C=DE D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF CN=EXSRV02 $certarray | Export-Certificate -FilePath c:tmpcerts.sst -Type SST Directory: C:tmp Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 23.12.2014 11:58 3056 certs.sst
Enjoy working with certificates.
Do you plan to upgrade to Exchange Server 2019? Do you wonder what the benefits of Microsoft 365 are? Contact us at info@granikos.eu