Created
February 3, 2022 21:05
-
-
Save evetsleep/7e25c2027c2fde78a4adfa252a62e12c to your computer and use it in GitHub Desktop.
Export server certificates to variables and PEM formats
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Export-ServerCertificate { | |
| [CmdletBinding()]Param( | |
| [Parameter(Mandatory,ValueFromPipelineByPropertyName)] | |
| [Alias('HostName')] | |
| [String] | |
| $ComputerName, | |
| [Parameter(Mandatory,ValueFromPipelineByPropertyName)] | |
| [Alias('TCPPort')] | |
| [ValidateRange(1,65000)] | |
| [int] | |
| $Port | |
| ) | |
| process { | |
| $toPEM = @{ | |
| MemberType = 'ScriptMethod' | |
| Name = 'ToPEM' | |
| Value = { | |
| $stringBuilder = [System.Text.StringBuilder]::new() | |
| [void]$stringBuilder.AppendLine('-----BEGIN CERTIFICATE-----') | |
| [void]$stringBuilder.AppendLine([System.Convert]::ToBase64String($this.RawData,1)) | |
| [void]$stringBuilder.AppendLine('-----END CERTIFICATE-----') | |
| $stringBuilder.ToString() | |
| } | |
| } | |
| try { | |
| $tcpSocket = [Net.Sockets.TcpClient]::new("$ComputerName",$port) | |
| $tcpStream = $tcpSocket.GetStream() | |
| $sslStream = [System.Net.Security.SslStream]::new($tcpStream,$false,[System.Net.Security.RemoteCertificateValidationCallback]{ $true }) | |
| $sslStream.AuthenticateAsClient($ComputerName,$null,'TLS12',$true) | |
| $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($sslStream.RemoteCertificate) | |
| $certificate | Add-Member @toPEM | |
| Write-Output $certificate | |
| } | |
| catch { | |
| $PSCmdlet.ThrowTerminatingError($PSItem) | |
| } | |
| finally { | |
| $tcpSocket.Close() | |
| } | |
| } | |
| <# | |
| .SYNOPSIS | |
| Connect to a remote host over TCP and if presented with a TLS 1.2 certificate return an exportable version of it. | |
| .DESCRIPTION | |
| Using .NET, connect to a remote host over a defined port using the .NET sockets TCP client and then export the presented certificate. | |
| .PARAMETER ComputerName | |
| The DNS name of the server to connect to. | |
| .PARAMETER Port | |
| The TCP port to connect to. | |
| .EXAMPLE | |
| $certificate = Export-ServerCertificate -ComputerName www.microsoft.com -Port 443 | |
| PS > $certificate | |
| Thumbprint Subject EnhancedKeyUsageList | |
| ---------- ------- -------------------- | |
| 4A3B9F272C26B6AE4EF2788436EC6B4CFD0522DB CN=www.microsoft.com {Server Authentication, Client Authentication} | |
| PS > $certificate.ToPEM() | |
| -----BEGIN CERTIFICATE----- | |
| MIITYzCCEUugAwIBAgITMwAoZ3uxMMkOpnUasQAAAChnezANBgkqhkiG9w0BAQwFADBZMQswCQYD | |
| VQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSowKAYDVQQDEyFNaWNyb3Nv | |
| ZnQgQXp1cmUgVExTIElzc3VpbmcgQ0EgMDYwHhcNMjIwMTI0MDQzOTU2WhcNMjMwMTE5MDQzOTU2 | |
| WjBkMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT | |
| FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEAxMNbWljcm9zb2Z0LmNvbTCCASIwDQYJKoZI | |
| hvcNAQEBBQADggEPADCCAQoCggEBAOQEAE5s2SaoAJhlyqPLY+wkuaYISvIxYPsXDfszfoE7szsx | |
| CJf64VxawAc3iXUWOqiPuHMB+jdYz7z4h636tGzAUNrrAjdbq3cBmasVws5P4YiUF1hN/A6+9Ljp | |
| rRupquvLrIHPLjF+Q5uCeWrWDu/VjFnyVOnErcVTAVDQ4jeu743V3F3I6/ocLGj+huCEai5+hbd3 | |
| j8cKsG1R+Jioo52IWsryPpWzRxBuKQYm1derwos4LzIsZUzfAwPfQK8h138Ic5vbmTqlXykWboaw | |
| bAQdhm6kKxRAlavP1jIPuVeFFS3e1lmr2l7nbxd4LjFQIjBij5vv2RzABBApo+sM5IkCAwEAAaOC | |
| Dxcwgg8TMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdgCt9776fP8QyIudPZwePhhqtGcpXc+x | |
| DCTKhYY069yCigAAAX6Ka1Y+AAAEAwBHMEUCIQDBkv7Rff+Dqw98aAYsebo3ynM4evuYd4pZDr+l | |
| BptxFAIgS0kaBEzCWuM5zPFNvSGw1p/9qzRSU4vPO4zqb5JgFRgAdwB6MoxU2LcttiDqOOBSHumE | |
| FnAyE4VNO9IrwTpXo1LrUgAAAX6Ka1aQAAAEAwBIMEYCIQC7MRY74UcIYN1yM+T2DQQs7XjiRJA5 | |
| EA4wg9uxAJiuIgIhAJukGNT9jeTideto7WtbMtIlHROgRvYaASPFPRF9InKOAHcAs3N3B+GEUPhj | |
| htYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF+imtWvgAABAMASDBGAiEA297k4xz9rd2SHtzUUWHs | |
| Z3ccSUBrC+Lk/DGsINx1AvoCIQCy5Ji/+KYfJnBMSuULez6gOTCF4SjOUASaaRZqDeg3vjAnBgkr | |
| BgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcVBwQvMC0GJSsG | |
| AQQBgjcVCIe91xuB5+tGgoGdLo7QDIfw2h1dgoTlaYLzpz4CAWQCASMwga4GCCsGAQUFBwEBBIGh | |
| MIGeMG0GCCsGAQUFBzAChmFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01p | |
| Y3Jvc29mdCUyMEF6dXJlJTIwVExTJTIwSXNzdWluZyUyMENBJTIwMDYlMjAtJTIweHNpZ24uY3J0 | |
| MC0GCCsGAQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNyb3NvZnQuY29tL29jc3AwHQYDVR0OBBYE | |
| FD/NOl8gJlgWNVFbht67ZFD1P8nTMA4GA1UdDwEB/wQEAwIEsDCCCzYGA1UdEQSCCy0wggspgg1t | |
| aWNyb3NvZnQuY29tgg9zLm1pY3Jvc29mdC5jb22CEGdhLm1pY3Jvc29mdC5jb22CEG1pLm1pY3Jv | |
| c29mdC5jb22CEWFlcC5taWNyb3NvZnQuY29tghFhZXIubWljcm9zb2Z0LmNvbYIRZ3J2Lm1pY3Jv | |
| c29mdC5jb22CEWh1cC5taWNyb3NvZnQuY29tghFtYWMubWljcm9zb2Z0LmNvbYIRbWtiLm1pY3Jv | |
| c29mdC5jb22CEXBtZS5taWNyb3NvZnQuY29tghFwbWkubWljcm9zb2Z0LmNvbYIRcnNzLm1pY3Jv | |
| c29mdC5jb22CEXNhci5taWNyb3NvZnQuY29tghF0Y28ubWljcm9zb2Z0LmNvbYISZnVzZS5taWNy | |
| b3NvZnQuY29tghJpZWFrLm1pY3Jvc29mdC5jb22CEm1hYzIubWljcm9zb2Z0LmNvbYISbWNzcC5t | |
| aWNyb3NvZnQuY29tghJvcGVuLm1pY3Jvc29mdC5jb22CEnNob3AubWljcm9zb2Z0LmNvbYISc3B1 | |
| ci5taWNyb3NvZnQuY29tghNidWlsZC5taWNyb3NvZnQuY29tghNpdHByby5taWNyb3NvZnQuY29t | |
| ghNtYW5nby5taWNyb3NvZnQuY29tghNtdXNpYy5taWNyb3NvZnQuY29tghNweW1lcy5taWNyb3Nv | |
| ZnQuY29tghNzdG9yZS5taWNyb3NvZnQuY29tghRhZXRoZXIubWljcm9zb2Z0LmNvbYIUYWxlcnRz | |
| Lm1pY3Jvc29mdC5jb22CFGRlc2lnbi5taWNyb3NvZnQuY29tghRnYXJhZ2UubWljcm9zb2Z0LmNv | |
| bYIUZ2lnamFtLm1pY3Jvc29mdC5jb22CFGlnbml0ZS5taWNyb3NvZnQuY29tghRtc2N0ZWMubWlj | |
| cm9zb2Z0LmNvbYIUb25saW5lLm1pY3Jvc29mdC5jb22CFHN0cmVhbS5taWNyb3NvZnQuY29tghVh | |
| ZmZsaW5rLm1pY3Jvc29mdC5jb22CFWNvbm5lY3QubWljcm9zb2Z0LmNvbYIVZGV2ZWxvcC5taWNy | |
| b3NvZnQuY29tghVkb21haW5zLm1pY3Jvc29mdC5jb22CFWV4YW1wbGUubWljcm9zb2Z0LmNvbYIV | |
| bWFkZWlyYS5taWNyb3NvZnQuY29tghVtc2RuaXN2Lm1pY3Jvc29mdC5jb22CFW1zcHJlc3MubWlj | |
| cm9zb2Z0LmNvbYIVcXVhbnR1bS5taWNyb3NvZnQuY29tghVzcG9uc29yLm1pY3Jvc29mdC5jb22C | |
| FXd3dy5hZXAubWljcm9zb2Z0LmNvbYIVd3d3LmFlci5taWNyb3NvZnQuY29tghV3d3diZXRhLm1p | |
| Y3Jvc29mdC5jb22CFmJ1c2luZXNzLm1pY3Jvc29mdC5jb22CFmVtcHJlc2FzLm1pY3Jvc29mdC5j | |
| b22CFmxlYXJuaW5nLm1pY3Jvc29mdC5jb22CFm1zZG53aWtpLm1pY3Jvc29mdC5jb22CFm9wZW5u | |
| ZXNzLm1pY3Jvc29mdC5jb22CFnBpbnBvaW50Lm1pY3Jvc29mdC5jb22CFnNuYWNrYm94Lm1pY3Jv | |
| c29mdC5jb22CFnNwb25zb3JzLm1pY3Jvc29mdC5jb22CFnN0YXRpb25xLm1pY3Jvc29mdC5jb22C | |
| F2Fpc3Rvcmllcy5taWNyb3NvZnQuY29tghdjb21tdW5pdHkubWljcm9zb2Z0LmNvbYIXY3Jhd2xt | |
| c2RuLm1pY3Jvc29mdC5jb22CF2lvdHNjaG9vbC5taWNyb3NvZnQuY29tghdtZXNzZW5nZXIubWlj | |
| cm9zb2Z0LmNvbYIXbWluZWNyYWZ0Lm1pY3Jvc29mdC5jb22CGGJhY2tvZmZpY2UubWljcm9zb2Z0 | |
| LmNvbYIYZW50ZXJwcmlzZS5taWNyb3NvZnQuY29tghhpb3RjZW50cmFsLm1pY3Jvc29mdC5jb22C | |
| GHBpbnVuYmxvY2subWljcm9zb2Z0LmNvbYIYcmVyb3V0ZTQ0My5taWNyb3NvZnQuY29tghljb21t | |
| dW5pdGllcy5taWNyb3NvZnQuY29tghlleHBsb3JlLXNtYi5taWNyb3NvZnQuY29tghlleHByZXNz | |
| aW9ucy5taWNyb3NvZnQuY29tghlvbmRlcm5lbWVycy5taWNyb3NvZnQuY29tghl0ZWNoYWNhZGVt | |
| eS5taWNyb3NvZnQuY29tghl0ZXJyYXNlcnZlci5taWNyb3NvZnQuY29tghpjb21tdW5pdGllczIu | |
| bWljcm9zb2Z0LmNvbYIaY29ubmVjdGV2ZW50Lm1pY3Jvc29mdC5jb22CGmRhdGFwbGF0Zm9ybS5t | |
| aWNyb3NvZnQuY29tghplbnRyZXByZW5ldXIubWljcm9zb2Z0LmNvbYIaaHhkLnJlc2VhcmNoLm1p | |
| Y3Jvc29mdC5jb22CGm1zcGFydG5lcmlyYS5taWNyb3NvZnQuY29tghpteWRhdGFoZWFsdGgubWlj | |
| cm9zb2Z0LmNvbYIab2VtY29tbXVuaXR5Lm1pY3Jvc29mdC5jb22CGnJlYWwtc3Rvcmllcy5taWNy | |
| b3NvZnQuY29tghp3d3cuZm9ybXNwcm8ubWljcm9zb2Z0LmNvbYIbZnV0dXJlZGVjb2RlZC5taWNy | |
| b3NvZnQuY29tght1cGdyYWRlY2VudGVyLm1pY3Jvc29mdC5jb22CHGxlYXJuYW5hbHl0aWNzLm1p | |
| Y3Jvc29mdC5jb22CHG9ubGluZWxlYXJuaW5nLm1pY3Jvc29mdC5jb22CHWJ1c2luZXNzY2VudHJh | |
| bC5taWNyb3NvZnQuY29tgh1jbG91ZC1pbW1lcnNpb24ubWljcm9zb2Z0LmNvbYIdc3R1ZGVudHBh | |
| cnRuZXJzLm1pY3Jvc29mdC5jb22CHmFuYWx5dGljc3BhcnRuZXIubWljcm9zb2Z0LmNvbYIeYnVz | |
| aW5lc3NwbGF0Zm9ybS5taWNyb3NvZnQuY29tgh5leHBsb3JlLXNlY3VyaXR5Lm1pY3Jvc29mdC5j | |
| b22CHmtsZWludW50ZXJuZWhtZW4ubWljcm9zb2Z0LmNvbYIecGFydG5lcmNvbW11bml0eS5taWNy | |
| b3NvZnQuY29tgh9leHBsb3JlLW1hcmtldGluZy5taWNyb3NvZnQuY29tgh9pbm5vdmF0aW9uY29u | |
| dGVzdC5taWNyb3NvZnQuY29tgh9wYXJ0bmVyaW5jZW50aXZlcy5taWNyb3NvZnQuY29tgh9waG9l | |
| bml4Y2F0YWxvZ3VhdC5taWNyb3NvZnQuY29tgh9zemtvbHlwcnp5c3psb3NjaS5taWNyb3NvZnQu | |
| Y29tgh93d3cucG93ZXJhdXRvbWF0ZS5taWNyb3NvZnQuY29tgiBzdWNjZXNzaW9ucGxhbm5pbmcu | |
| bWljcm9zb2Z0LmNvbYIibHVtaWFjb252ZXJzYXRpb25zdWsubWljcm9zb2Z0LmNvbYIjc3VjY2Vz | |
| c2lvbnBsYW5uaW5ndWF0Lm1pY3Jvc29mdC5jb22CJGJ1c2luZXNzbW9iaWxpdHljZW50ZXIubWlj | |
| cm9zb2Z0LmNvbYIlc2t5cGVhbmR0ZWFtcy5mYXN0dHJhY2subWljcm9zb2Z0LmNvbYInd3d3Lm1p | |
| Y3Jvc29mdGRsYXBhcnRuZXJvdy5taWNyb3NvZnQuY29tgihjb21tZXJjaWFsYXBwY2VydGlmaWNh | |
| dGlvbi5taWNyb3NvZnQuY29tgil3d3cuc2t5cGVhbmR0ZWFtcy5mYXN0dHJhY2subWljcm9zb2Z0 | |
| LmNvbTBkBgNVHR8EXTBbMFmgV6BVhlNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2Ny | |
| bC9NaWNyb3NvZnQlMjBBenVyZSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDA2LmNybDBmBgNVHSAE | |
| XzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j | |
| b20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFNXBZzrC | |
| o530d1JbWRI4KeZVaLulMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0B | |
| AQwFAAOCAgEAcTl61hx6IV10gzl4WWIZdviTTqApZ0XGMCq4ed/X2BJF+8TwiLTMZlSw7+TgnHlp | |
| 3riAN9HS+4aW1kq0E3wCNGfpGHWzbtxACfjRw5/qgxJLp4Zz+4RQZa04NOsCwkF8Hjmud5lxn+xW | |
| K5P+R1WVOX9+XxaJ+x18CgLkj4KXmjJvC+J2cZOdTAEWOm92eTIoDYwu+3asJe64Djf9KPXI8nTb | |
| v8zFgI0c+fbU0IguIeoW4pv5qKEJ0UBHjQ1wj67mqHIKQW4cH3SBV2imA5H28jiIgKvWgWfO5sGD | |
| bxhyWdSkEhuiLjKJMLwFh/s2V8JsoyKepBjfrcsj46Cd6nbJnd+EBb63G79Fv+8xFcImy31iCaaU | |
| iQ4AdxaUT5JZAyin2ymF2WD9Vq1jVj4FGlx58veVIsJNcyq7l9pLlbNSbMtnaHMjLjIBJQ1KVZSP | |
| rKbzTgoY2Ne07lDXT1g3M+U5Q+oehlEDAv/17I0M3kGGJqgvA9AudjK1Zi7OkAtHFxVMHG+pi0A8 | |
| PEIP0Ew/bU6b6/+SbEYDjncMA0VWGHCet9w2Dm5LAOkq1w2c0SXhMOxLioq1Oc26sGK1K7dFrf3Q | |
| dOFdQnQl8+zvT/evzMjOOS+aMIYw2nRwQzKbuD1+NyZ9b9XkQ2U8oqNKfKafURi3nB9wx6vzoPJe | |
| WnXl4/UBvnQ= | |
| -----END CERTIFICATE----- | |
| Connect to www.microsoft.com on port 443 and store the returned certificate, then convert it to PEM format (which can be saved to file if needed). | |
| #> | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment