Skip to content

Instantly share code, notes, and snippets.

Last active November 24, 2023 16:01
  • Star 6 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
using namespace System.Net.Sockets
using namespace System.Net.Security
using namespace System.Security.Cryptography.X509Certificates
function ConvertFrom-X509Certificate {
process {
) -join [Environment]::NewLine
function Get-RemoteCertificate {
[Parameter(Mandatory = $true, Position = 0)]
[Parameter(Position = 1)]
[UInt16]$Port = 443,
[ValidateSet('Base64', 'X509Certificate')]
[string]$As = 'X509Certificate'
$tcpClient = [TcpClient]::new($ComputerName, $Port)
try {
$tlsClient = [SslStream]::new($tcpClient.GetStream())
if ($As -eq 'Base64') {
return $tlsClient.RemoteCertificate |ConvertFrom-X509Certificate
return $tlsClient.RemoteCertificate -as [X509Certificate2]
finally {
if ($tlsClient -is [IDisposable]) {
Copy link

Just what I needed but I've added a [switch]$Insecure = $false to the parameters and changed to $tlsClient = [SslStream]::new($tcpClient.GetStream(), $false, {$Insecure}) to be able to get certificate information when the certificate is invalid.

Copy link

thanks you @IISResetMe this is something I was looking for.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment