Since many certificate operations involve knowing the certificate’s thumbprint, it is always useful to to have an easy way to get this information. In some of the online documentation it mentions you can copy the thumbprint out of the Certificate MMC snap-in and then manually delete the spaces between the data. No thanks.
However, if you *really* want to do that, or a quick and easy way to launch the certificate MMC on modern versions of Windows, please see this post.
Since PowerShell abstracts the certificate store using a PSDrive we can easily obtain the data. For more on PowerShell basics see these posts.
List All Certificates in the Local Machine Store
The simplest command to list all of the certificates in the local machine’s MY store we can run:
Get-ChildItem -Path Cert:LocalMachine\MY
List All Certificates in the Local Machine Store Showing Thumbprint and Selected Data
You will note that the above example does not show all that we are looking for, so we need to pull that out using something like this:
Get-ChildItem -Path Cert:LocalMachine\MY | Select-Object FriendlyName, Thumbprint, Subject, NotBefore, NotAfter
Rather than listing all the certificates in the store, we can also filter them on a selected attribute. In this case we are checking the subject to see if it contains the word “mail” since the the certificate desired is mail.tailspintoys.ca
The below is an example which you can modify accordingly:
Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "mail"} | Select-Object FriendlyName, Thumbprint, Subject, NotBefore, NotAfter
Cheers,
Rhoderick
There is a typo on this page (an extra double quote).
Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "mail"}" | Select-Object FriendlyName, Thumbprint, Subject, NotBefore, NotAfter
...should be...
Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "mail"} | Select-Object FriendlyName, Thumbprint, Subject, NotBefore, NotAfter
Thanks Tim - got that fixed up.
Yet another blog migration artifact 🙁
Cheers,
Rhoderick
Thank you very much to the writer for the step-by-step instructions with the simplest command to list all of the certificates in the local machines.
Thanks for the post Rhoderick . While the certificate has lower case alphabets in thumbprint, the powershell way of getting the thumprint prints everything in uppercase. Will this not be an issue or the case does not matter in certificate thumprint. I am trying an automation for SQL server certificate renewal.
Generally Windows is case insensititive, and I have not ran into an issue personally but never say never.
Have you tried to lowercase that using PowerShell?
Cheers,
Rhoderick
Hi Team,
I need an update for the Tumbprint of the s/mime certificate of a user in exchange. but not able t find any command.
will be great help if could get any update
Can you not get it from something like this:
Get-ADUser user-1 -Properties * |FL *cert*
Cheers,
Rhoderick