Allows you to pull down a remote system's SSL certificate regardless of whether it's trusted or not. This was made for PowerShell Core, so it should work on any platform that runs PS Core. No ServicePoint required. Specifically created to pull down a vCenter's SSL certificate and convert it to a SHA256 thumbprint for registration to NSX-T.
Function Get-SSLCert {
    [CmdletBinding()]
    <#
    .SYNOPSIS
    Gets SSL certificate of remote system.
    .DESCRIPTION
    Gets SSL certificate of remote system in order to get its thumbprint.
    .EXAMPLE
    Get-SSLCert tech.zsoldier.com
    Returns the certificate as object.
    .EXAMPLE
    Get-SSLCert tech.zsoldier.com -SHA256Thumbprint
    This will simply output the certificate's thumbprint in SHA256 format, replacing "-" with ":".
    Made to enable capturing a vCenter certificate's thumbprint in SHA256 format to register in NSX-T as a compute manager.
    .PARAMETER SHA256Thumbprint
    Captures certificate and outputs SHA256 formatted thumbprint. Defaults to false.
    .PARAMETER URI
    Required string value can be DNS or IP Address.
    .PARAMETER Port
    Define the port to connect to. 443 is default, can be modified to match the endpoint's actual port for SSL communications.
    .NOTES
    Authored by: K. Chris Nakagaki
    https://tech.zsoldier.com
    #>
    param (
        [Parameter(Mandatory=$true)]
        [string]
        $URI,
        [Parameter(Mandatory=$false)]
        [switch]
        $SHA256Thumbprint=$false,
        [int]
        $Port = 443
    )
    $Certificate = $null
    $TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient
    try {
        $TcpClient.Connect($URI, $Port)
        $TcpStream = $TcpClient.GetStream()
        # Validation callback accepts every certificate: the result is NOT authenticated.
        $Callback = { param($sender, $cert, $chain, $errors) return $true }
        $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList @($TcpStream, $true, $Callback)
        try {
            # Pass the host name so it is offered via SNI and a server hosting several
            # names returns the matching certificate; validation is still bypassed above.
            $SslStream.AuthenticateAsClient($URI)
            $Certificate = $SslStream.RemoteCertificate
        } finally {
            $SslStream.Dispose()
        }
    } finally {
        $TcpClient.Dispose()
    }
    if ($Certificate) {
        if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
            $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
        }
        # SHA256 over the raw DER bytes of the certificate, formatted as AA:BB:CC...
        $SHA256 = [Security.Cryptography.SHA256]::Create()
        try {
            $Bytes = $Certificate.GetRawCertData()
            $HASH = $SHA256.ComputeHash($Bytes)
        } finally {
            $SHA256.Dispose()
        }
        $thumbprint = [BitConverter]::ToString($HASH).Replace('-',':')
        Switch ($SHA256Thumbprint)
        {
            $false
            {
                Write-Output $Certificate
            }
            $true
            {
                Write-Output $thumbprint
            }
        }
    }
}
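
Because the validation callback in Get-SSLCert accepts any certificate, the thumbprint it returns is only as trustworthy as the network path it was fetched over. The following added example (not part of the original gist) compares a fetched thumbprint against one computed from a certificate file obtained over a trusted channel before it is used for registration. The three function names, the sample hex values, `vcenter.example.com` and `./vcenter.cer` are assumptions made for illustration.

```powershell
# Added example, not part of the original gist. All function names here are hypothetical.
function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)
    # Drop ':' / '-' / whitespace separators and upper-case the hex digits.
    $hex = ($Thumbprint -replace '[:\-\s]', '').ToUpperInvariant()
    if ($hex -notmatch '^[0-9A-F]{64}$') {
        throw "Not a SHA256 thumbprint (expected 64 hex digits): '$Thumbprint'"
    }
    return $hex
}

function Get-CertFileSHA256Thumbprint {
    # Hash a certificate file (PEM or DER) that was copied over a trusted channel.
    param([Parameter(Mandatory = $true)][string]$Path)
    $FullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $Cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $FullPath
    $SHA256 = [Security.Cryptography.SHA256]::Create()
    try {
        return [BitConverter]::ToString($SHA256.ComputeHash($Cert.GetRawCertData())).Replace('-', ':')
    } finally {
        $SHA256.Dispose()
        $Cert.Dispose()
    }
}

function Test-ThumbprintMatch {
    param(
        [Parameter(Mandatory = $true)][string]$Observed,
        [Parameter(Mandatory = $true)][string]$Expected
    )
    # Compare after normalizing, so separator and case differences do not matter.
    $o = ConvertTo-NormalizedThumbprint -Thumbprint $Observed
    $e = ConvertTo-NormalizedThumbprint -Thumbprint $Expected
    return [string]::Equals($o, $e, [StringComparison]::Ordinal)
}

# Constructed sample values (not real certificate hashes).
$Expected = '0123456789abcdef' * 4
$Observed = (($Expected.ToUpper() -split '(..)') -ne '') -join ':'
$Tampered = $Observed -replace '^01', 'FF'
Test-ThumbprintMatch -Observed $Observed -Expected $Expected
Test-ThumbprintMatch -Observed $Tampered -Expected $Expected

# With the gist's function; vcenter.example.com and ./vcenter.cer are placeholders:
# Test-ThumbprintMatch -Observed (Get-SSLCert vcenter.example.com -SHA256Thumbprint) `
#     -Expected (Get-CertFileSHA256Thumbprint -Path ./vcenter.cer)
```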