This is a script I created to report TRUE or FALSE depending on whether specified computer certificates are installed. It writes this information to the registry so that desktop management software can scan for it. My original objective was just to determine whether an old (about to expire) cert still existed, but I went ahead and added detection for the new one as well.
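# AUTHOR: Eddie Jackson
# DATE:   03/28/2017
# USAGE:  To verify if specified certs are in local store
# NOTES:  Desktop Management will report on reg keys set to TRUE or FALSE
#
# What the result means: a value of TRUE says only that a certificate with that
# thumbprint is present in Cert:\LocalMachine\My. The script does not inspect
# expiry, chain validity or whether a private key is attached.
# Writing under HKLM:\SOFTWARE normally requires an elevated session; without
# it the registry writes fail and the scanner sees stale or missing values.

Clear-Host

# OLD Cert Thumbprint
$Cert1 = "12345678912C7409FBF28C86D208637123456789"

# New Cert Thumbprint
$Cert2 = "FD5C3FC1F3C405D1D468EF0A0A12345678912345"

# Reg Path
$RegPath = 'HKLM:\SOFTWARE\COMPANY\AppName\Cert'

# Clear Session
$OLD = ""
$NEW = ""

# Reset both values to FALSE before detection.
# On a first run the key and values do not exist yet, so the removals are
# best-effort: piping to Out-Null does not hide errors, -ErrorAction does.
Remove-ItemProperty -Path $RegPath -Name "$Cert1" -ErrorAction SilentlyContinue | Out-Null
Remove-ItemProperty -Path $RegPath -Name "$Cert2" -ErrorAction SilentlyContinue | Out-Null
New-Item -Path $RegPath -Force | Out-Null

# -Force so the reset succeeds whether or not the value already exists;
# Out-Null keeps the created property objects out of the script's output.
New-ItemProperty -Path $RegPath -Name "$Cert1" -Value "FALSE" -Force | Out-Null
New-ItemProperty -Path $RegPath -Name "$Cert2" -Value "FALSE" -Force | Out-Null

# Time to verify reg keys are reset. During this window both values read
# FALSE, so a management scan that lands here reports neither cert installed.
Start-Sleep 5

# Assign Current Certs to variables: each is the matching thumbprint from the
# local machine personal store, or empty when no certificate matches.
# PowerShell's -eq on strings is case-insensitive, so thumbprint case is not an issue.
$OLD = Get-ChildItem Cert:\LocalMachine\My |
    Select-Object -Property Thumbprint |
    Where-Object { $_.Thumbprint -eq "$Cert1" } |
    ForEach-Object { $_.Thumbprint }

$NEW = Get-ChildItem Cert:\LocalMachine\My |
    Select-Object -Property Thumbprint |
    Where-Object { $_.Thumbprint -eq "$Cert2" } |
    ForEach-Object { $_.Thumbprint }

# Determine if Certs exist and flip the matching registry value to TRUE
if ($OLD -eq "$Cert1") {
    #Write-Host "Old Exists"
    New-ItemProperty -Path $RegPath -Name "$Cert1" -Value "TRUE" -Force | Out-Null
}

if ($NEW -eq "$Cert2") {
    #Write-Host "New Exists"
    New-ItemProperty -Path $RegPath -Name "$Cert2" -Value "TRUE" -Force | Out-Null
}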