Hi all,

The certificates in the Server Certificates section of IIS Manager (inetmgr.exe) are certificates located in MY certificate store of the local machine, and their Enhanced Key Usage is Server Authentication. The following sample gets those certs:

# Get all certs in MY store of Local Machine profile
 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
 $store.Open("ReadOnly")
 $store.Certificates | 
 % { 
 # Get all extensions for one cert
 $cert = $_
 $cert.Extensions | 
 % { 
 # Find "Enhanced Key Usage" extension
 $extension = $_
 If ($extension.Oid.FriendlyName -eq "Enhanced Key Usage")
 {
 # Get all enhanced key usages for the cert
 $enhancedKeyUsageExtension = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$extension
 $enhancedKeyUsageExtension.EnhancedKeyUsages | 
 % { 
 # Find "Server Authentication" enhanced key usage
 $enhancedKeyUsage = $_
 If ($enhancedKeyUsage.FriendlyName -eq "Server Authentication") 
 {
 # We found a cert that will get listed in Server Certificates list in IIS Manager. Show its info 
 $cert | Select Subject, Issuer, NotBefore, NotAfter, Thumbprint, SerialNumber
 } 
 }
 } 
 }
 }
 $store.Close()

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)