question

NelsonBaez-8863 avatar image
0 Votes"
NelsonBaez-8863 asked IanXue-MSFT answered

Display Subject Alternative Names of a Certificate with PowerShell

Hello,

I am trying to retrieve the SAN of few of my certificates using PowerShell whether the Cert has a SAN or not.

Below is what I have so far:

$Servers = "WebServer01",
"WebServer02",
"WebServer03"

Invoke-Command -ComputerName $Servers -ScriptBlock {Get-ChildItem -Recurse Cert:\LocalMachine\My | select subject,NotBefore, notafter, Issuer, Thumbprint,HasPrivateKey, SubjectAlternativeName}

I am getting output from all fields except the SAN "SubjectAlternativeName". Could someone help advise me what else I am missing?

windows-server-powershell
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

IanXue-MSFT avatar image
0 Votes"
IanXue-MSFT answered

Hi,

The X509Certificate2 object has no "SubjectAlternativeName" property. You can get it from the extensions of the certificate.

 Invoke-Command -ComputerName $Servers -ScriptBlock { Get-ChildItem -Recurse Cert:\LocalMachine\My | 
     select subject,NotBefore, notafter, Issuer, Thumbprint,HasPrivateKey, 
     @{name='Subject Alternative Name';expression={($_.Extensions | Where-Object {$_.Oid.FriendlyName -eq "Subject Alternative Name"}).format($true)}}
 }

Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.