One of my problems with the X509Certificate2 object is that it doesn’t expose properties for the “Issued From” and “Issued To” data, properties which show by default when viewing certificates in the Windows Certificate MMC snap-in. This makes it difficult to match certificates you see the Certificates MMC with certificates you see in PowerShell.
Today I discovered the GetNameInfo method, which can return the “Issued To/By” text seen in the Certificates MMC snap-in:
Get-ChildItem cert:\CurrentUser\My |
Format-Table @{ Label = 'IssuedTo'; Expression = { $_.GetNameInfo( 'SimpleName', $false ) } },@{ Label = 'IssuedBy' ;Expression = { $_.GetNameInfo( 'SimpleName', $true ) } }
Here it is a little clearer:
$cert.GetNameInfo( 'SimpleName', $false ) # This is IssuedTo.
$cert.GetNameInfo( 'SimpleName', $true ) # This is IssuedBy.
You could also pipe your certificates to Add-Member:
Get-ChildItem cert:\CurrentUser\My |
Add-Member ScriptProperty -Name IssuedTo -Value { $this.GetNameInfo( 'SimpleName', $false) } -PassThru |
Add-Member ScriptProperty -Name IssuedBy -Value { $this.GetNameInfo( 'SimpleName', $true ) } -PassThru |
Format-Table -Property IssuedTo,IssuedBy -AutoSize
The next version of Carbon will add IssuedBy
and IssuedTo
properties to X509Certificate2
objects, so you can do this instead:
Get-ChildItem cert:\CurrentUser\My |
Format-Table IssuedTo,IssuedBy -AutoSize