Powershell 通过 Thumbprint 检索证书作为字符串与字符串变量
Powershell retrieving cert by Thumbprint as string versus string variable
我正在尝试拼凑一些 PowerShell 代码以遍历服务器列表,return 一些关于他们的 IIS 站点和绑定的信息,如果他们有 https 绑定,获取 certificateHash 并使用通过指纹和 return 其到期日期找到证书。
我遇到的问题是,当我 运行 我在 $binding.cerficateHash 下面的代码似乎 return 我所期望的,一串证书哈希,但是当我使用该 certificateHash 属性 尝试通过指纹获取证书,它不起作用...但是当我获取 certificateHash 值的原始字符串值并对其进行硬编码时,它会起作用...
我检查了 certificateHash.GetType() ,它似乎只是一个字符串,所以我不明白我做错了什么,我尝试了一些东西,但无济于事,当然这是我第一次接触 powershell,所以有很多我不知道。
$sites = Invoke-Command -ComputerName $serverName { Import-Module WebAdministration; Get-ChildItem -path IIS:\Sites } -ErrorAction SilentlyContinue
foreach($site in $sites)
{
$serverName
$site.name
$site.physicalPath
foreach($binding in $site.bindings.Collection)
{
$binding.protocol
$binding.bindingInformation
$binding.certificateHash
$binding.certificateStoreName
if($binding.certificateHash)
{
# This outputs AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$binding.certificateHash
# this retrieves a cert and returns its expiration date, Woohooo!
Start-Job Invoke-Command -ComputerName $serverName -ScriptBlock { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" })[0].GetExpirationDateString() }
# this does not find a cert, and ive tried many things, and no dice.
Start-Job Invoke-Command -ComputerName $serverName -ScriptBlock { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq $binding.certificateHash })[0].GetExpirationDateString() }
# i've tried extracting the hash via "tostring" and using that, no dice
$hash = $binding.certificateHash.ToString()
Start-Job Invoke-Command -ComputerName $serverName -ScriptBlock { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq $hash })[0].GetExpirationDateString() }
# i've tried adding some wildcards and using the -like operator, no dice.
$hash = "*" + $binding.certificateHash + "*"
Start-Job Invoke-Command -ComputerName $serverName -ScriptBlock { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -lilke $hash })[0].GetExpirationDateString() }
}
}
}
站点的示例输出。
- 站点 1
- D:\Apps\site1
- http
- *:80:站点 1-test.ourdomain.com
- https
- *:443:站点 1-test.ourdomain.com
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- 虚拟主机
您调用脚本块的计算机不知道本地会话中的 $binding 变量。 (这也是它在传递文字字符串时起作用的原因。)
尝试将值作为参数传递:
Invoke-Command -Computer $serverName -Script {
param ($hash)
(gci Cert:\LocalMachine\WebHosting | ? Thumbprint -eq $hash)[0].GetExpirationDateString()
} -Arg $binding.certificateHash
我正在尝试拼凑一些 PowerShell 代码以遍历服务器列表,return 一些关于他们的 IIS 站点和绑定的信息,如果他们有 https 绑定,获取 certificateHash 并使用通过指纹和 return 其到期日期找到证书。
我遇到的问题是,当我 运行 我在 $binding.cerficateHash 下面的代码似乎 return 我所期望的,一串证书哈希,但是当我使用该 certificateHash 属性 尝试通过指纹获取证书,它不起作用...但是当我获取 certificateHash 值的原始字符串值并对其进行硬编码时,它会起作用...
我检查了 certificateHash.GetType() ,它似乎只是一个字符串,所以我不明白我做错了什么,我尝试了一些东西,但无济于事,当然这是我第一次接触 powershell,所以有很多我不知道。
$sites = Invoke-Command -ComputerName $serverName { Import-Module WebAdministration; Get-ChildItem -path IIS:\Sites } -ErrorAction SilentlyContinue
foreach($site in $sites)
{
$serverName
$site.name
$site.physicalPath
foreach($binding in $site.bindings.Collection)
{
$binding.protocol
$binding.bindingInformation
$binding.certificateHash
$binding.certificateStoreName
if($binding.certificateHash)
{
# This outputs AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$binding.certificateHash
# this retrieves a cert and returns its expiration date, Woohooo!
Start-Job Invoke-Command -ComputerName $serverName -ScriptBlock { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" })[0].GetExpirationDateString() }
# this does not find a cert, and ive tried many things, and no dice.
Start-Job Invoke-Command -ComputerName $serverName -ScriptBlock { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq $binding.certificateHash })[0].GetExpirationDateString() }
# i've tried extracting the hash via "tostring" and using that, no dice
$hash = $binding.certificateHash.ToString()
Start-Job Invoke-Command -ComputerName $serverName -ScriptBlock { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -eq $hash })[0].GetExpirationDateString() }
# i've tried adding some wildcards and using the -like operator, no dice.
$hash = "*" + $binding.certificateHash + "*"
Start-Job Invoke-Command -ComputerName $serverName -ScriptBlock { (Get-ChildItem -path Cert:\LocalMachine\WebHosting | Where-Object {$_.Thumbprint -lilke $hash })[0].GetExpirationDateString() }
}
}
}
站点的示例输出。
- 站点 1
- D:\Apps\site1
- http
- *:80:站点 1-test.ourdomain.com
- https
- *:443:站点 1-test.ourdomain.com
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- 虚拟主机
您调用脚本块的计算机不知道本地会话中的 $binding 变量。 (这也是它在传递文字字符串时起作用的原因。)
尝试将值作为参数传递:
Invoke-Command -Computer $serverName -Script {
param ($hash)
(gci Cert:\LocalMachine\WebHosting | ? Thumbprint -eq $hash)[0].GetExpirationDateString()
} -Arg $binding.certificateHash