Retired Microsoft Blog disclaimer

This directory is a mirror of retired "Decrypt My World" MSDN blog and is provided as is. All posting authorship and copyrights belong to respective authors.
Original URL:
Post name: How to get all certificates in the Server Certificates section of IIS Manager programmatically (PowerShell)
Original author: Alejandro Campos Magencio
Posting date: 2012-04-27T05:28:00+00:00

Hi all,

The certificates in the Server Certificates section of IIS Manager (inetmgr.exe) are certificates located in MY certificate store of the local machine, and their Enhanced Key Usage is Server Authentication. The following sample gets those certs:

# Get all certs in MY store of Local Machine profile
 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
 $store.Certificates | 
 % { 
 # Get all extensions for one cert
 $cert = $_
 $cert.Extensions | 
 % { 
 # Find "Enhanced Key Usage" extension
 $extension = $_
 If ($extension.Oid.FriendlyName -eq "Enhanced Key Usage")
 # Get all enhanced key usages for the cert
 $enhancedKeyUsageExtension = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$extension
 $enhancedKeyUsageExtension.EnhancedKeyUsages | 
 % { 
 # Find "Server Authentication" enhanced key usage
 $enhancedKeyUsage = $_
 If ($enhancedKeyUsage.FriendlyName -eq "Server Authentication") 
 # We found a cert that will get listed in Server Certificates list in IIS Manager. Show its info 
 $cert | Select Subject, Issuer, NotBefore, NotAfter, Thumbprint, SerialNumber


I hope this helps.



Alex (Alejandro Campos Magencio)

Share this article:


Comments are closed.