Finding Certificate Store Names Using PowerShell


We have a lot of servers running Windows 2008 R2 Core edition. One difficulty of Windows core is that MMC (Microsoft Management Console) is unavailable. This can be problematic when you are working with certificates and just want a way of viewing what certificates are installed and their properties.

To help get around this issue I created a PowerShell script to display the certificates and access their properties. I'd like to share some of what I learned in the process.

 

Notes:

  • Finding Microsoft Certificate Store names can be difficult
  • There is one limitation to this process: You can't view other users' certificates

In my searching I found a few articles which proved useful in helping me understand where certificates can be stored in a Microsoft environment:

As helpful as the above-referenced articles are, the most useful discovery I made was while playing around with the cmdlet Get-ChildItem.  Here is a sample which shows:

  • How to return a list of certificate stores from an account (LocalMachine, CurrentUser, etc…)
  • Iterate over each returned store and add the name to a combo-box dropdown list
  • Set the selected index of the ComboBox to the first returned item

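# Enumerate the certificate stores under the LocalMachine account
$CertificateStores = Get-ChildItem cert:\LocalMachine
$CertificateStores | ForEach-Object {
    # Items.Add returns the new item's index; discard it to keep the output clean
    [void]$ComboBoxListOfStoresExample.Items.Add($_.Name)
}
# Set default selection to the first item in the list
$ComboBoxListOfStoresExample.SelectedIndex = 0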

 

This can be generalized to pull from other certificate accounts by making a slight alteration to the first line of the script:

 

# Build the full provider path in a variable first, then enumerate its stores
$SelectedCertificateAccount = "cert:\" + $SomeUserInputValue
$CertificateStores = Get-ChildItem $SelectedCertificateAccount

 

Note: It is important to combine cert:\ and the account name into a variable before calling Get-ChildItem (as demonstrated above). If you instead pass Get-ChildItem a string literal followed directly by a string variable, it will fail with a message like this:

Get-ChildItem : Cannot find drive. A drive with the name 'cer' does not exist.
At line:1 char:14
+ Get-ChildItem <<<<  cer:\$test
    + CategoryInfo          : ObjectNotFound: (cer:String) [Get-ChildItem], DriveNotFoundException
    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
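
The same enumeration also works without any UI, which suits a Server Core console. The following is an added example, not part of the original script: it restricts the account name to the two values the cert: drive exposes, builds the path in a variable as described above, and lists every certificate in every store with its remaining lifetime. The function name Get-CertificateInventory and the 30-day cutoff in the usage lines are assumptions chosen for illustration.

```powershell
# Added example: text-only certificate inventory for Server Core (no MMC, no WinForms).
function Get-CertificateInventory {
    [CmdletBinding()]
    param(
        # Accept only the two accounts exposed by the cert: drive, so
        # free-form user input never reaches the provider path.
        [ValidateSet('LocalMachine', 'CurrentUser')]
        [string]$Location = 'LocalMachine'
    )

    # Build the full provider path in a variable before calling Get-ChildItem.
    $AccountPath = 'cert:\' + $Location
    $Now = Get-Date

    foreach ($Store in (Get-ChildItem -Path $AccountPath)) {
        # Join-Path copes with store names that contain spaces ("Remote Desktop").
        $StorePath = Join-Path -Path $AccountPath -ChildPath $Store.Name

        Get-ChildItem -Path $StorePath |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            Select-Object @{ Name = 'Store'; Expression = { $Store.Name } },
                          Subject, Thumbprint, NotAfter, HasPrivateKey,
                          @{ Name = 'DaysLeft'
                             Expression = { [math]::Floor(($_.NotAfter - $Now).TotalDays) } }
    }
}

# Usage: machine certificates that have expired or expire within 30 days
# (30 is an illustrative cutoff, not a value from the article).
Get-CertificateInventory -Location LocalMachine |
    Where-Object { $_.DaysLeft -le 30 } |
    Sort-Object DaysLeft |
    Format-Table Store, Subject, NotAfter, HasPrivateKey, DaysLeft -AutoSize
```

As with the rest of this article, CurrentUser here means the account running the script; other users' certificates are not visible.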

 

Appendix A: Here are the lines of PowerShell necessary to open the Certificate Properties window. This assumes that $Certificate contains a certificate object returned from a Certificate Store:

# Load the assembly that contains X509Certificate2UI
Add-Type -AssemblyName System.Security
# Open the standard Windows certificate properties dialog for $Certificate
[System.Security.Cryptography.X509Certificates.X509Certificate2UI]::DisplayCertificate($Certificate)

 

Appendix B: Here is the list of default Certificate Store names returned from both the LocalMachine and CurrentUser accounts on a Windows 2008 R2 installation:

Name : SmartCardRoot
Name : AuthRoot
Name : CA
Name : AddressBook
Name : Trust
Name : Disallowed
Name : Remote Desktop
Name : My
Name : Root
Name : TrustedPeople
Name : TrustedDevices
Name : ACRS
Name : TrustedPublisher
Name : REQUEST


Appendix C: Here are some PowerShell statements to create a WinForms UI. This code is complete in that it will create all the UI elements and place them in a window. The catch is that there is no logic behind the UI elements. This is meant more as a reminder of how to create a UI in PowerShell.

 

# Load the .NET assemblies for WinForms and the Drawing types used below
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

# Instantiate a Windows Form
$SampleForm = New-Object Windows.Forms.Form
$SampleForm.Size = New-Object Drawing.Size 380,300
$SampleForm.Text = "Certificate Example"

# Create a combo box to pick one of the stores available in the selected Account
$ComboBoxListOfStoresExample =  New-Object Windows.Forms.ComboBox
$ComboBoxListOfStoresExample.location = New-Object Drawing.point 50, 100
$ComboBoxListOfStoresExample.Size = New-Object Drawing.Size 175,15
$ComboBoxListOfStoresExample.DropDownStyle = "DropDownList"

# Create a Label for the Certificate Stores which are returned from the Account
$ComboBoxListOfStoresExampleLbl = New-Object System.Windows.Forms.Label
$ComboBoxListOfStoresExampleLbl.Text = "Select Certificate Store:"
$ComboBoxListOfStoresExampleLbl.Location = New-Object Drawing.Point 5,75
$ComboBoxListOfStoresExampleLbl.Size = New-Object Drawing.Size 150, 15

# Create a Button to select a Certificate Store
$ComboBoxListOfStoresBtn = New-Object System.Windows.Forms.Button
$ComboBoxListOfStoresBtn.Text = "Select"
$ComboBoxListOfStoresBtn.add_click({PowershellFunctionToExecute})
$ComboBoxListOfStoresBtn.location = New-Object Drawing.point 235, 100

# Create a Combo box to display the certificates
$ComboBoxListOfCerts =  New-Object Windows.Forms.ComboBox
$ComboBoxListOfCerts.location = New-Object Drawing.point 50, 160
$ComboBoxListOfCerts.Size = New-Object Drawing.Size 175,15
$ComboBoxListOfCerts.DropDownStyle = "DropDownList"

# Create a label for the Certificate Box
$ComboBoxListOfCertsLbl = New-Object System.Windows.Forms.Label
$ComboBoxListOfCertsLbl.Text = "Select a Certificate:"
$ComboBoxListOfCertsLbl.Location = New-Object Drawing.Point 5,125
$ComboBoxListOfCertsLbl.Size = New-Object Drawing.Size 170, 15

# Create a button to display properties about the certificate
$ComboBoxListOfCertsBtn = New-Object System.Windows.Forms.Button
$ComboBoxListOfCertsBtn.Text = "Properties"
$ComboBoxListOfCertsBtn.add_click({ShowCertificateProperties})
$ComboBoxListOfCertsBtn.location = New-Object Drawing.point 235, 160

# ---------------------------     Populate & Show Form     -----------------------------#
$SampleForm.controls.add($ComboBoxListOfStoresExample)
$SampleForm.controls.add($ComboBoxListOfStoresExampleLbl)
$SampleForm.controls.add($ComboBoxListOfStoresBtn)
$SampleForm.controls.add($ComboBoxListOfCerts)
$SampleForm.controls.add($ComboBoxListOfCertsLbl)
$SampleForm.controls.add($ComboBoxListOfCertsBtn)

$SampleForm.ShowDialog()