Certificates can be installed permanently by loading them into the Windows certificate store. PowerShell can access this store via its cert: drive. The following line dumps all your personal certificates:

PS C:\> Get-ChildItem -Path Cert:\CurrentUser\my

   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\my

Thumbprint                                Subject
----------                                -------
9F2F02100F6AE1DA83628906D60267F89377A6B2  CN=König von Timbuktu (Ost)
65C5ED677C9EEE9AB8D8F55354E920313FE427C2  CN=UniYork IT Security
322CA0B1F37F43B26D4D8DE17DCBF3E2C17CE111  CN=Tobias
Note: if your personal certificate store is empty, you might want to visit one of our earlier tips in this series to create some test certificates.
To view only code-signing certificates, add the -CodeSigningCert dynamic parameter. This excludes any certificate that has a different purpose or is missing its private key:
PS C:\> Get-ChildItem -Path Cert:\CurrentUser\my -CodeSigningCert
Certificates are identified by their unique thumbprint, which serves the same role on the cert: drive that a name does for a file:

PS C:\> Get-ChildItem -Path Cert:\CurrentUser\my

   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\my

Thumbprint                                Subject
----------                                -------
9F2F02100F6AE1DA83628906D60267F89377A6B2  CN=King of Timbuktu (Eastside)
65C5ED677C9EEE9AB8D8F55354E920313FE427C2  CN=UniYork IT Security
322CA0B1F37F43B26D4D8DE17DCBF3E2C17CE111  CN=Tobias

PS C:\> $cert = Get-Item -Path Cert:\CurrentUser\My\9F2F02100F6AE1DA83628906D60267F89377A6B2
PS C:\> $cert

   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My

Thumbprint                                Subject
----------                                -------
9F2F02100F6AE1DA83628906D60267F89377A6B2  CN=King of Timbuktu (Eastside)

If you don't know the thumbprint, look it up first, because only the thumbprint uniquely identifies a certificate. One way to find it is to filter on another property, such as the subject:

PS C:\> dir Cert:\CurrentUser\my | where subject -like *tobias*

   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\my

Thumbprint                                Subject
----------                                -------
322CA0B1F37F43B26D4D8DE17DCBF3E2C17CE111  CN=Tobias
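Because a subject filter can match several certificates, a script that will later sign code should fail rather than silently take the first hit. The following is an added example, not part of the original tip: the function name Resolve-StoreCertificate and its parameters are hypothetical, and it uses only the certificate provider and X509Certificate2 properties (Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey).

```powershell
# Added example (hypothetical helper): resolve a subject pattern to exactly one
# currently valid certificate, so later steps can address it by thumbprint.
function Resolve-StoreCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$SubjectPattern,                      # wildcard, e.g. '*tobias*'
        [string]$StorePath = 'Cert:\CurrentUser\My',
        [switch]$CodeSigningOnly
    )

    # -CodeSigningCert is the dynamic parameter the certificate provider adds
    $all = if ($CodeSigningOnly) {
        Get-ChildItem -Path $StorePath -CodeSigningCert
    } else {
        Get-ChildItem -Path $StorePath
    }

    # Keep only matches that are inside their validity period right now
    $now = Get-Date
    $found = @($all | Where-Object {
        $_.Subject -like $SubjectPattern -and
        $_.NotBefore -le $now -and $_.NotAfter -ge $now
    })

    if ($found.Count -eq 0) {
        throw "No currently valid certificate in $StorePath matches '$SubjectPattern'."
    }
    if ($found.Count -gt 1) {
        # Subjects are not unique: list the candidates and make the caller choose
        $list = ($found | ForEach-Object {
            '{0}  {1}  expires {2:yyyy-MM-dd}' -f $_.Thumbprint, $_.Subject, $_.NotAfter
        }) -join "`n"
        throw "Pattern '$SubjectPattern' is ambiguous. Pick one thumbprint:`n$list"
    }

    $found[0]
}

# Usage: look the certificate up once, then refer to it by thumbprint only
$cert = Resolve-StoreCertificate -SubjectPattern '*tobias*'
$cert | Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey
Get-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)"
```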
In our first part of this mini-series you learned how to create new certificates with PowerShell.
In the remaining parts you have now learned how to read existing certificates from pfx files and from your personal certificate store.
Join our next tips to find out how you can actually use your certificates to sign PowerShell code!