Cercare un certificato tramite thumbprint
Se trovi questo messaggio negli eventi di windows che indica un certificato scaduto o in scadenza:
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date: 12/04/2017 19.24.45
Event ID: 64
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: srv01.sgart.local
Description: Certificate for local system with Thumbprint 2a 90 33 96 f3 e2 00 63 e8 c4 4e 66 71 0e a5 78 dc ee 4a d7 is about to expire or already expired.
per capire qual'è il certificato in scadenza, lo puoi cercare nello store tramite il suo thumbprint.
La ricerca può essere fatta tramite PowerShell interrogando il path cert:\:
che da un risultato simile a questo:
la proprietà Subject aiuta ad identificare il certificato.
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date: 12/04/2017 19.24.45
Event ID: 64
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: srv01.sgart.local
Description: Certificate for local system with Thumbprint 2a 90 33 96 f3 e2 00 63 e8 c4 4e 66 71 0e a5 78 dc ee 4a d7 is about to expire or already expired.
La ricerca può essere fatta tramite PowerShell interrogando il path cert:\:
PowerShell
Get-ChildItem -Path 'cert:\' -Recurse | ? {$_.Thumbprint -eq '2a 90 33 96 f3 e2 00 63 e8 c4 4e 66 71 0e a5 78 dc ee 4a d7'.replace(' ','')} | select *
Text
PSPath : Microsoft.PowerShell.Security\Certificate::LocalMach
ine\My\2A903396F3E20063E8C44E66710EA578DCEE4AD7
PSParentPath : Microsoft.PowerShell.Security\Certificate::LocalMach
ine\My
PSChildName : 2A903396F3E20063E8C44E66710EA578DCEE4AD7
PSDrive : Cert
PSProvider : Microsoft.PowerShell.Security\Certificate
PSIsContainer : False
EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1), Client
Authentication (1.3.6.1.5.5.7.3.2)}
DnsNameList : {www.sgart.local}
SendAsTrustedIssuer : False
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEnd
PointProperty
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEnd
PointProperty
PolicyId :
Archived : False
Extensions : {System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid,
System.Security.Cryptography.Oid...}
FriendlyName :
IssuerName : System.Security.Cryptography.X509Certificates.X500Di
stinguishedName
NotAfter : 17/01/2017 02.59.59
NotBefore : 21/10/2014 04.00.00
HasPrivateKey : False
PrivateKey :
PublicKey : System.Security.Cryptography.X509Certificates.Public
Key
RawData : {48, 130, 4, 245...}
SerialNumber : 504C0D526C5542994CBC5170A9BBBFE0
SubjectName : System.Security.Cryptography.X509Certificates.X500Di
stinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 2A903396F3E20063E8C44E66710EA578DCEE4AD7
Version : 3
Handle : 336904204688
Issuer : CN=Symantec Class 3 Secure Server CA - G4,
OU=Symantec Trust Network, O=Symantec Corporation,
C=US
Subject : CN=www.sgart.local, OU=IT, O=Sgart, L=MI, S=MI, C=IT