Certificate information from Personal Store

rkurowski 2018-03-26 20:43:58 UTC #1

Hoping someone can help me out. I am trying to create and Analysis to gather the following information.

Would like to audit certificates in the Personal store (“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY”) and retrieve the following properties.

Subject
Issuer
Valid To
Subject Alternative Name (nice to have, but not required)

Is this possible using Bigfix? I know I can do it in powershell so was hoping I could get some help getting this information using relevance.

TheCookieMonster 2018-03-26 23:38:18 UTC #2

you can set an analysis querying each string or value of a registry key entry.

strawgate 2018-03-27 01:47:10 UTC #3

Hi,

None of this information is easily obtainable through the registry because they are stored in blobs in the registry.

My C3 Inventory content has a fixlet and analysis which probes the certificate store and places the data in the registry in a way that is easy to consume using BigFix. You can find that content either via BigFix.Me or Github with links here: C3 - Free BigFix Community Content Libraries

The direct links to the probe and analysis on github:
Probe: https://github.com/strawgate/C3-Inventory/blob/master/Fixlets/Invoke%20-%20Certificate%20Store%20Probe%20-%20Windows.bes
Analysis: https://github.com/strawgate/C3-Inventory/blob/master/Analyses/Certificates%20-%20Windows.bes

jackthrppr 2020-03-06 16:32:16 UTC #4

Will this also pull information for certificates that are not trusted?

What Bigfix can offer in terms of certificate discovery?