@michaellwest
Last active January 31, 2023 17:46
Check certificate revocation using PowerShell.
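# Potential workaround for errors:
# https://stackoverflow.com/questions/2675133/c-sharp-ignore-certificate-errors
# https://stackoverflow.com/a/66882479/1277533
$webRequest = [Net.WebRequest]::Create("https://www.company.com")
# Only the TLS handshake matters here: discard the response and ignore request errors.
try { $webRequest.GetResponse().Dispose() } catch {}
# ServicePoint.Certificate is an X509Certificate; X509Chain.Build() expects an X509Certificate2.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$webRequest.ServicePoint.Certificate
# Optional alternative: export the certificate and verify it with certutil.
#$bytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert)
#set-content -value $bytes -encoding byte -path "$pwd\company.cer"
#certutil.exe -verify -urlfetch "$pwd\company.cer"
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Check revocation for every certificate in the chain, retrieving revocation data online.
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
# Allow up to 30 seconds for retrieving revocation data.
$chain.ChainPolicy.UrlRetrievalTimeout = New-Object System.TimeSpan(0, 0, 30)
# Tolerate a root that is not in the local trust store.
$chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
# Build() returns $true when the chain validates under this policy.
$chain.Build($cert)
# Lists the problems found (for example Revoked or RevocationStatusUnknown); empty when there are none.
$chain.ChainStatus.Status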
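
The script above ends by printing the chain's raw status flags. As an added example (not part of the original gist), the following reports the status per chain element and separates a confirmed revocation from a check that could not be completed. The function names `Get-RevocationVerdict` and `Test-CertificateRevocation` and the verdict labels are hypothetical, and the sample flag values at the end are constructed.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: reduce one element's status flags to a revocation verdict.
function Get-RevocationVerdict {
    param([X509ChainStatusFlags]$Flags)
    $revoked = [int][X509ChainStatusFlags]::Revoked
    # Either flag means revocation data could not be obtained or evaluated.
    $unknown = [int][X509ChainStatusFlags]::RevocationStatusUnknown -bor
               [int][X509ChainStatusFlags]::OfflineRevocation
    if (([int]$Flags -band $revoked) -ne 0) { return 'Revoked' }
    if (([int]$Flags -band $unknown) -ne 0) { return 'Unknown' }
    return 'NoRevocationIssue'
}

# Hypothetical wrapper: same chain policy as the gist, reported per chain element.
function Test-CertificateRevocation {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Online
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(30)
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    try {
        $null = $chain.Build($Certificate)
        foreach ($element in $chain.ChainElements) {
            # Merge the element's individual statuses into one flags value.
            $flags = 0
            foreach ($s in $element.ChainElementStatus) { $flags = $flags -bor [int]$s.Status }
            [pscustomobject]@{
                Subject = $element.Certificate.Subject
                Status  = [X509ChainStatusFlags]$flags
                Verdict = Get-RevocationVerdict $flags
            }
        }
    } finally {
        $chain.Dispose()
    }
}

# Constructed sample flag values (no network needed) showing the classification.
$samples = @(
    [X509ChainStatusFlags]::NoError
    [X509ChainStatusFlags]::UntrustedRoot
    [X509ChainStatusFlags]'RevocationStatusUnknown, OfflineRevocation'
    [X509ChainStatusFlags]'Revoked, NotTimeValid'
)
foreach ($s in $samples) { '{0} -> {1}' -f $s, (Get-RevocationVerdict $s) }
# Live use, with $cert obtained as in the script above: Test-CertificateRevocation -Certificate $cert
```

Whether an `Unknown` verdict is treated as a failure is a policy decision; rejecting it is the fail-closed choice.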