PowerShell - X509Certificates.X509Store获取所有证书？

您可以从本地证书驱动器获取它们：

Get-ChildItem Cert:\CurrentUser\CA # user certs

Get-ChildItem Cert:\LocalMachine\CA # machine certs

Get-ChildItem Cert:\LocalMachine\My

如果您安装了WinRM，则这很有趣，但是更标准的查找所有证书的方法是使用类似于以下内容的东西更好：

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$server_name\My","LocalMachine")

$store.Open("ReadOnly")             
$store.Certificates

以下 PowerShell 脚本将要求输入远程计算机的 DNS 名称，然后要求输入域管理员凭据以便连接和查询。结果 $AllCerts 变量包含每个存储中的每个证书。它还将它们导出到 $env:temp 文件夹中的 CSV 文件，并在 Windows Explorer 中打开该文件夹。

function Get-Cert( $computer=$env:computername ){
    $cred = Get-Credential -Message "Enter credentials for a Domain Admin"
    $ro=[System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
    $lm=[System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"    
    $Stores = (Invoke-Command $computer {Get-ChildItem cert:\LocalMachine} -Credential $cred).Name
    $AllStores = @()
    foreach ($store in $Stores){
        $AllStores += new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\$store",$lm)
    }
    $AllStores.Open($ro)
    $AllStores.Certificates
}
write-host "Enter remote computer to poll certificate information from" -ForegroundColor Cyan
$remoteComputer = read-host
$AllCerts = Get-Cert $remoteComputer
$AllCerts = $AllCerts | Select Subject,Issuer,Thumbprint,NotBefore,NotAfter
$AllCerts | Where-Object {$_.NotAfter -lt (Get-Date)} | format-list 
$AllCerts | export-csv -NoTypeInformation $env:temp\$($remoteComputer)_AllCerts.csv
start $env:temp

太棒的脚本，我有命名方面的问题，但很容易就解决了，改了之后很满意输出结果，谢谢！

$AllCerts | export-csv -NoTypeInformation $env:temp\$($remoteComputer)_AllCerts.csv
start $env:temp
To:
$AllCerts | export-csv c:\temp\AllCerts.csv -NoTypeInformation