using namespace System.Net.Sockets | |
using namespace System.Net.Security | |
using namespace System.Security.Cryptography.X509Certificates | |
function ConvertFrom-X509Certificate {
    <#
    .SYNOPSIS
    Renders an X509Certificate2 as PEM-style text.

    .DESCRIPTION
    Exports the certificate with X509ContentType 'Cert' (the DER-encoded
    certificate only, so no private key material is written), Base64-encodes
    it with line breaks, and wraps it in BEGIN/END CERTIFICATE markers.
    One string is emitted per certificate received from the pipeline.

    .PARAMETER Certificate
    The certificate to encode. Accepts pipeline input.

    .OUTPUTS
    System.String
    #>
    param(
        [Parameter(ValueFromPipeline)]
        [X509Certificate2]$Certificate
    )

    process {
        # DER bytes of the public certificate.
        $derBytes = $Certificate.Export([X509ContentType]::Cert)

        # InsertLineBreaks wraps the Base64 text (76 characters per line, CRLF separated).
        $encodedBody = [Convert]::ToBase64String(
            $derBytes,
            [Base64FormattingOptions]::InsertLineBreaks
        )

        $pemParts = '-----BEGIN CERTIFICATE-----', $encodedBody, '-----END CERTIFICATE-----'
        $pemParts -join [Environment]::NewLine
    }
}
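function Get-RemoteCertificate {
    <#
    .SYNOPSIS
    Connects to a TLS endpoint and returns the certificate the server presented.

    .DESCRIPTION
    Opens a TCP connection to ComputerName:Port, performs a TLS client
    handshake with ComputerName as the target host name, and returns the
    server's leaf certificate (the chain is not returned).

    No validation callback is passed to SslStream, so the handshake uses the
    default certificate validation. An endpoint whose certificate fails that
    validation (untrusted issuer, expired, host name mismatch) causes
    AuthenticateAsClient to throw, and no certificate is returned. Callers
    should treat that exception as a finding in its own right rather than
    retrying with validation switched off.

    .PARAMETER ComputerName
    Host to connect to; also used as the TLS target host name. Alias: CN.

    .PARAMETER Port
    TCP port of the TLS service. Defaults to 443.

    .PARAMETER As
    'X509Certificate' (default) returns an X509Certificate2 object;
    'Base64' returns the certificate as PEM-style text.

    .OUTPUTS
    System.Security.Cryptography.X509Certificates.X509Certificate2 or System.String
    #>
    param(
        [Alias('CN')]
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$ComputerName,

        [Parameter(Position = 1)]
        [UInt16]$Port = 443,

        [ValidateSet('Base64', 'X509Certificate')]
        [string]$As = 'X509Certificate'
    )

    # Initialise locally so the finally block never picks up (and disposes) a
    # same-named variable from a caller's scope if SslStream construction fails.
    $tlsClient = $null
    $tcpClient = [TcpClient]::new($ComputerName, $Port)
    try {
        $tlsClient = [SslStream]::new($tcpClient.GetStream())
        $tlsClient.AuthenticateAsClient($ComputerName)

        $remoteCertificate = $tlsClient.RemoteCertificate

        if ($As -eq 'Base64') {
            # The PEM text is produced here, while the stream is still open.
            return $remoteCertificate | ConvertFrom-X509Certificate
        }

        if ($null -eq $remoteCertificate) {
            return $null
        }

        # Return an independent copy. The stream is disposed in the finally
        # block below, and on modern .NET that may also release the stream's
        # own RemoteCertificate instance; a plain -as cast would hand the
        # caller that same instance.
        return [X509Certificate2]::new($remoteCertificate)
    }
    finally {
        if ($tlsClient -is [IDisposable]) {
            $tlsClient.Dispose()
        }
        $tcpClient.Dispose()
    }
}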