7

Easy Way To Retrieve Certificate Thumbprint Using PowerShell

Since many certificate operations involve knowing the certificate’s thumbprint, it is always useful to to have an easy way to get this information.  In some of the online documentation it mentions you can copy the thumbprint out of the Certificate MMC snap-in and then manually delete the spaces between the data.  No thanks.

However, if you *really* want to do that, or a quick and easy way to launch the certificate MMC on modern versions of Windows, please see this post.

 

Since PowerShell abstracts the certificate store using a PSDrive we can easily obtain the data.  For more on PowerShell basics see these posts.

 

List All Certificates in the Local Machine Store

The simplest command to list all of the certificates in the local machine’s MY store we can run:

 Get-ChildItem -Path Cert:LocalMachine\MY

 

List All Certificates In the Local Machine MY Store

 

 

List All Certificates in the Local Machine Store Showing Thumbprint and Selected Data

You will note that the above example does not show all that we are looking for, so we need to pull that out using something like this:

 Get-ChildItem -Path Cert:LocalMachine\MY | Select-Object FriendlyName, Thumbprint, Subject, NotBefore, NotAfter

 

List All Certificates In the Local Machine MY Store With Their Thumbprint

Rather than listing all the certificates in the store, we can also filter them on a selected attribute.  In this case we are checking the subject to see if it contains the word “mail”  since the the certificate desired is mail.tailspintoys.ca

The below is an example which you can modify accordingly:

Get-ChildItem  -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "mail"} | Select-Object FriendlyName, Thumbprint, Subject, NotBefore, NotAfter

List Certificates Containing "Mail" In the Local Machine MY Store With Their Thumbprint

 

 

Cheers,

Rhoderick

Rhoderick Milne [MSFT]

7 Comments

  1. There is a typo on this page (an extra double quote).
    Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "mail"}" | Select-Object FriendlyName, Thumbprint, Subject, NotBefore, NotAfter
    ...should be...
    Get-ChildItem -Path Cert:\LocalMachine\MY | Where-Object {$_.Subject -Match "mail"} | Select-Object FriendlyName, Thumbprint, Subject, NotBefore, NotAfter

  2. Thanks Tim - got that fixed up.

    Yet another blog migration artifact 🙁

    Cheers,
    Rhoderick

  3. Thank you very much to the writer for the step-by-step instructions with the simplest command to list all of the certificates in the local machines.

  4. Thanks for the post Rhoderick . While the certificate has lower case alphabets in thumbprint, the powershell way of getting the thumprint prints everything in uppercase. Will this not be an issue or the case does not matter in certificate thumprint. I am trying an automation for SQL server certificate renewal.

    • Generally Windows is case insensititive, and I have not ran into an issue personally but never say never.

      Have you tried to lowercase that using PowerShell?

      Cheers,
      Rhoderick

  5. Hi Team,

    I need an update for the Tumbprint of the s/mime certificate of a user in exchange. but not able t find any command.
    will be great help if could get any update

    • Can you not get it from something like this:

      Get-ADUser user-1 -Properties * |FL *cert*

      Cheers,
      Rhoderick

Leave a Reply to Tim Barrett Cancel reply

Your email address will not be published. Required fields are marked *