PowerShell :- Certificate Store Navigation

COMMENTS ARE ALWAYS WELCOMED ON MY POSTS:

STARTING OUT

For starters there are several methods for working and viewing certificates. These are the steps I took while digging into certs. I’ll try and go over things in a top down fashion so it will be easy to follow along.

When starting in PowerShell and running as administrator the default location is c:\windows\system32. I like changing or creating a temp directory where commands and output can be traced quickly by having all items in one central location. Your PowerShell Profile should be setup to use a different folder as your starting folder.  Standard output items could end up in c:\windows\system32 and I’d rather not clutter up that folder with extra output that really should not be in that folder.

(Get-Help about_profiles) is a good starting point when reading about profiles.
Example set your location to use the home path: Set-Location $env:homepath.
Setting your to something different all should be ok.  For running my examples I’m going to Set-Location to the PSPATH “CERT”.

Import the PKI Module if you have the IMPORT-MODULE PKI in your PowerShell profile you won’t have to import the module as it will already be there.importmodulepki

You can and should set your default directory in your $Profile

setlocation

I’m setting location to “CERT” as this is where I want to start out. With out the semicolon at the end of CERT:
you’ll receive an error so just re-enter and add :.

setlocationcert

Clear the host that’s more for me at this point so I could have a clean capture. 🙂

clearhost

Running GET-CHILDITEM shows us the certificate stores located on the machine for the current user and
local machine. You can SET-LOCATION  to either CurrentUser or LocalMachine.  For now I’ll go with LocalMachine

setlocationcert

And, once in CERT:/ SET-LOCATION CurrentUser then run GET-CHILDITEM.

The certmgr screen can be assessed via command line with this command Invoke-item CERT:

commandguicert

There are some differences in appearance but essentially can do the same with both interfaces. In another post I’ll go over the GUI screen.

Switch to the LocalMachine area. SET-LOCATION CERT:\LocalMachine

certslocalmachine

 

 

So, far we’ve setup to begin working with certificates. The following is a listing of commands that can be used
while working with certificates.
For Source you can see that PKI is listed. That’s because we IMPORTED-MODULE PKI

getcommandcert

You can also run this command to get a sorted list. (I’m using Source)
GET-COMMAND *CERT* | Sort-Object -Descending Source

certcommandsdescending

Next post is Certificate Object Model Creation Part 1

 

 

 



Categories: #kravis, #PowerShell, PowerShell, PowerShell Posts, Technology

Leave a Reply

%d bloggers like this: