You can use PowerShell to manage your local certificate store.
The default PowerShell Get-ChildItem cmdlet allows for accessing the local certificate store. But you should start your PowerShell shell windows as an administrator, as access might be restricted by GPO settings.
Get-ChildItem -Path Cert:\LocalMachine Name : TrustedPublisher Name : ClientAuthIssuer Name : Remote Desktop Name : Root Name : TrustedDevices Name : SPC Name : CA Name : REQUEST Name : AuthRoot Name : WebHosting Name : TrustedPeople Name : My Name : SmartCardRoot Name : Trust Name : Disallowed
Get-ChildItem -Path Cert:\LocalMachine\My Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My Thumbprint Subject ---------- ------- EC225A0183DC64D864C8BEA1477822858FCEC767 CN=WMSvc-EXSRV02 E2BC29B1445FD267E5A2823591A5221D67D0D94F CN=Microsoft Exchange Server Auth Certificate D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF CN=EXSRV02 60246A87C12BEB365E7B4044C926587590A3D7B6 CN=mobile.mcmemail.de, O=mcmemail, C=DE 5F103D6C61BF57D86DB4AAA05597B0D1E8155884 CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro.
The example shows a self-signed certificate of a Trend Micro ScanMail for Exchange setup.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\5F103D6C61BF57D86DB4AAA05597B0D1E8155884 $cert | fl Subject : CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro ScanMail for Microsoft Exchange Issuer : CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro ScanMail for Microsoft Exchange Thumbprint : 5F103D6C61BF57D86DB4AAA05597B0D1E8155884 FriendlyName : NotBefore : 17.11.2014 00:00:00 NotAfter : 16.11.2017 00:00:00 Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
A certificate issued by an Enterprise CA looks like this
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\60246A87C12BEB365E7B4044C926587590A3D7B6 $cert | fl Subject : CN=mobile.mcmemail.de, O=mcmemail, C=DE Issuer : CN=mcmemail-DC01-CA, DC=mcmemail, DC=de Thumbprint : 60246A87C12BEB365E7B4044C926587590A3D7B6 FriendlyName : mcmemail Exchange Server 2013 Certificate NotBefore : 28.08.2014 15:14:04 NotAfter : 28.08.2015 15:24:04 Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
$cert | Export-Certificate -FilePath C:\tmp\cert1.p7b -Type p7b Directory: C:\tmp Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 23.12.2014 11:56 1380 cert1.p7b
$certarray = @() $certarray += $cert $cert = Get-ChildItem -Path Cert:\LocalMachine\My\D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF $certarray += $cert $certarray Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My Thumbprint Subject ---------- ------- 60246A87C12BEB365E7B4044C926587590A3D7B6 CN=mobile.mcmemail.de, O=mcmemail, C=DE D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF CN=EXSRV02 $certarray | Export-Certificate -FilePath c:\tmp\certs.sst -Type SST Directory: C:\tmp Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 23.12.2014 11:58 3056 certs.sst
Enjoy working with certificates.
Do you plan to upgrade to Exchange Server 2013? Do you wonder what the benefits of Office 365 are? Contact us at info@granikos.eu