Hoping someone can help me out. I am trying to create and Analysis to gather the following information.
Would like to audit certificates in the Personal store (“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY”) and retrieve the following properties.
Subject
Issuer
Valid To
Subject Alternative Name (nice to have, but not required)
Is this possible using Bigfix? I know I can do it in powershell so was hoping I could get some help getting this information using relevance.
you can set an analysis querying each string or value of a registry key entry.
Hi,
None of this information is easily obtainable through the registry because they are stored in blobs in the registry.
My C3 Inventory content has a fixlet and analysis which probes the certificate store and places the data in the registry in a way that is easy to consume using BigFix. You can find that content either via BigFix.Me or Github with links here: C3 - Free BigFix Community Content Libraries
The direct links to the probe and analysis on github:
Probe: https://github.com/strawgate/C3-Inventory/blob/master/Fixlets/Invoke%20-%20Certificate%20Store%20Probe%20-%20Windows.bes
Analysis: https://github.com/strawgate/C3-Inventory/blob/master/Analyses/Certificates%20-%20Windows.bes
Will this also pull information for certificates that are not trusted?