Certificates can be installed permanently by loading them into Windows certificate store. PowerShell can access this store via its cert: drive. The following line dumps all your personal certificates:

 
PS C:\> Get-ChildItem -Path Cert:\CurrentUser\my


   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\my

Thumbprint                                Subject                              
----------                                -------                              
9F2F02100F6AE1DA83628906D60267F89377A6B2  CN=König von Timbuktu (Ost)          
65C5ED677C9EEE9AB8D8F55354E920313FE427C2  CN=UniYork IT Security              
322CA0B1F37F43B26D4D8DE17DCBF3E2C17CE111  CN=Tobias 
 

Note: if your personal certificate store is empty, you might want to visit one of our earlier tips in this series to create some test certificates.

To view only code-signing certificates, add the –CodeSigningCert dynamic parameter. This excludes any certificates with a different purpose or missing private key:

 
PS C:\> Get-ChildItem -Path Cert:\CurrentUser\my -CodeSigningCert 
 

Certificates are identified by their unique thumbprint ID which serves like names with files:

 
PS C:\> Get-ChildItem -Path Cert:\CurrentUser\my


   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\my

Thumbprint                                Subject                              
----------                                -------                              
9F2F02100F6AE1DA83628906D60267F89377A6B2  CN=King of Timbuktu (Eastside)          
65C5ED677C9EEE9AB8D8F55354E920313FE427C2  CN=UniYork IT Security              
322CA0B1F37F43B26D4D8DE17DCBF3E2C17CE111  CN=Tobias                            


PS C:\> $cert = Get-Item -Path Cert:\CurrentUser\My\9F2F02100F6AE1DA83628906D60267F89377A6B2

PS C:\> $cert 


   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My

Thumbprint                                Subject                              
----------                                -------                              
9F2F02100F6AE1DA83628906D60267F89377A6B2  CN=King of Timbuktu (Eastside) 
 

If you don’t know the unique thumbprint ID, you should find it out because only this ID is able to uniquely identify the certificate. One way to find it is by filtering other properties like the subject:

 
PS C:\> dir Cert:\CurrentUser\my | where subject -like *tobias*


   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\my

Thumbprint                                Subject                              
----------                                -------                              
322CA0B1F37F43B26D4D8DE17DCBF3E2C17CE111  CN=Tobias 
 

In our first part of this mini-series you learned how to create new certificates with PowerShell.

In the remaining parts you now learned how to read existing certificates from pfx files and from your personal certificate store.

Join our next tips to find out how you can actually use your certificates to sign PowerShell code!

Twitter This Tip! ReTweet this Tip!

Anonymous