RoyAshley-0547 asked RoyAshley-0547 commented

Help with detection method using PS or VB

I am struggling with coming up with the correct detection method for one of my applications. I have an application that calls a PowerShell script that will renew a machine certificate in the Personal store which contains a new Key Usage setting. I am looking for something that queries the certificate's key usage and if it is set to Key Encipherment, then do nothing. I only want it to run if it isn't set to Key Encipherment. I figured I could use a VB or a PS script.

Scripting is not my strong suit, unfortunately. I am still learning it. I think I can use the code below to query it, but I don't know how to write it to an if statement or something that will say, "if it is set to Key Encipherment, do nothing."

((Get-ChildItem -Path Cert:\LocalMachine\My\ | select -First 1).Extensions | Where-Object { $_.Oid.FriendlyName -eq "Key Usage" }).format($true)

Any help would be greatly appreciated.

windows-server-powershell

1 Answer

IanXue-MSFT answered RoyAshley-0547 commented

Hi,

You can try something like this:

 Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
     if ($_.Extensions.KeyUsages -notmatch "KeyEncipherment") {
         # do something
     }
     else {
         # do nothing
     }
 }

Best Regards,
Ian Xue

Thank you so much for the response. I really appreciate it.

This is what I came up with for the detection method, but the application evaluates as "failed". I suspect I have something incorrect in my code.

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    if ($_.Extensions.KeyUsages -match "KeyEncipherment") {
        Write-Host "installed"
    }
    else {
    }
}

Can you tell me what I'm doing wrong?


Disregard my last comment. I got it working, thanks to you. Thanks, again.

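Added example, not code from the thread or from either poster: a detection script for the check discussed above that tests the typed Key Usage flag on one selected, currently valid machine certificate instead of pattern-matching every certificate in the store. Assumptions: the deployment tool treats exit code 0 with text on stdout as "detected" and exit code 0 with no output as "not detected", and the target certificate can be picked by the computer name in its subject (`$subjectPattern` and `Test-KeyUsage` are hypothetical names).

```powershell
# Added example. Assumption: "exit 0 + stdout text" = detected, "exit 0 + no output" = not detected.
# Assumption: the renewed machine certificate carries the computer name in its subject CN.
$subjectPattern = "CN=$env:COMPUTERNAME*"   # hypothetical selector; adjust to your certificate
$required = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment

function Test-KeyUsage {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]$Flag
    )
    # Pick the Key Usage extension by type, not by localized friendly name.
    $ext = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
        Select-Object -First 1

    # A certificate without a Key Usage extension is treated as not compliant.
    if ($null -eq $ext) { return $false }

    # KeyUsages is a flags enum, so test the bit rather than the string form.
    return $ext.KeyUsages.HasFlag($Flag)
}

$now = Get-Date
$compliant = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -like $subjectPattern -and     # only the certificate we manage
        $_.HasPrivateKey -and                     # usable by this machine
        $_.NotBefore -le $now -and                # already valid
        $_.NotAfter -gt $now -and                 # not expired
        (Test-KeyUsage -Certificate $_ -Flag $required)
    } |
    Select-Object -First 1

if ($compliant) {
    # Single line on stdout signals "detected"; nothing is written otherwise.
    Write-Output "installed"
}
exit 0
```

Filtering on validity dates keeps an expired predecessor that still sits in the store after renewal from satisfying or failing the check on behalf of the new certificate.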