Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
using namespace System.Net.Sockets
using namespace System.Net.Security
using namespace System.Security.Cryptography.X509Certificates
function ConvertFrom-X509Certificate {
param(
[Parameter(ValueFromPipeline)]
[X509Certificate2]$Certificate
)
process {
@(
'-----BEGIN CERTIFICATE-----'
[Convert]::ToBase64String(
$Certificate.Export([X509ContentType]::Cert),
[Base64FormattingOptions]::InsertLineBreaks
)
'-----END CERTIFICATE-----'
) -join [Environment]::NewLine
}
}
function Get-RemoteCertificate {
param(
[Alias('CN')]
[Parameter(Mandatory = $true, Position = 0)]
[string]$ComputerName,
[Parameter(Position = 1)]
[UInt16]$Port = 443,
[ValidateSet('Base64', 'X509Certificate')]
[string]$As = 'X509Certificate'
)
$tcpClient = [TcpClient]::new($ComputerName, $Port)
try {
$tlsClient = [SslStream]::new($tcpClient.GetStream())
$tlsClient.AuthenticateAsClient($ComputerName)
if ($As -eq 'Base64') {
return $tlsClient.RemoteCertificate |ConvertFrom-X509Certificate
}
return $tlsClient.RemoteCertificate -as [X509Certificate2]
}
finally {
if ($tlsClient -is [IDisposable]) {
$tlsClient.Dispose()
}
$tcpClient.Dispose()
}
}
@lkeersmaekers
Copy link

lkeersmaekers commented Sep 9, 2021

Just what I needed but I've added a [switch]$Insecure = $false to the parameters and changed to $tlsClient = [SslStream]::new($tcpClient.GetStream(), $false, {$Insecure}) to be able to get certificate information when the certificate is invalid.

@MertSenel
Copy link

MertSenel commented Nov 26, 2022

thanks you @IISResetMe this is something I was looking for.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment