Fixlet to gather certificate information?

(imported topic written by EITMickey91)

Is it possible, has anyone created a fixlet, or does anyone have any recommendations on how to create a fixlet that can interrogate a certificate (registered or self-signed) and determine what CA generated it and when it will expire?



(imported comment written by NoahSalzman)

Can you provide us with a sample certificate?

(imported comment written by SystemAdmin)

There are several ways to do this. Determining the best ways depends on the OS(es) you intend to target.

For Win7/2008/R2, create a simple PowerShell script that interrogates the local certificate store. You could either filter within the PowerShell and save the output or use the PowerShell to dump the raw cert store metadata to a file. In either case, the output can be picked up by an analysis.

For WinXP/2003, the best way I’ve found is to get Certadm.dll, certcli.dll, certreq.exe, and certutil.exe from a 2003 CA. Include those files in the BigFix custom task that you’re building. Drop them into a particular folder on the endpoint, then certreq.exe can be used to request certs and certutil.exe can be used to import/export certs and information.

In our environment, I can run \certutil.exe -store My > certinfo.log. Then I use an analysis to parse the output for whatever details I’m seeking.

Another example you may find useful is adding the public key for a trusted CA.

certutil -v -enterprise -addstore NTAuth .cer > CAupdate.log
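The PowerShell approach for Win7/2008 described above, written out as an added example (this is not SystemAdmin's script): it enumerates the machine's personal store and writes issuer CA, validity dates and a self-signed flag for each certificate to a log file that an analysis can parse. The store path, output file name and 30-day warning window are assumptions.

```powershell
# Added example: dump certificate issuer/expiry data for a BigFix analysis.
# Written for PowerShell 2.0 (the version shipped with Win7/2008 R2).
param(
    [string]$StorePath = 'Cert:\LocalMachine\My',          # assumed store to inspect
    [string]$OutFile   = "$env:ProgramData\certinfo.log",  # assumed output location
    [int]$WarnDays     = 30                                # assumed warning window (days)
)

$now  = Get-Date
$rows = Get-ChildItem -Path $StorePath | ForEach-Object {
    $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

    if ($daysLeft -lt 0)               { $status = 'EXPIRED' }
    elseif ($daysLeft -le $WarnDays)   { $status = 'EXPIRING' }
    else                               { $status = 'OK' }

    New-Object -TypeName PSObject -Property @{
        Thumbprint = $_.Thumbprint
        Subject    = $_.Subject
        IssuerCA   = $_.Issuer          # the CA (or the cert itself) that signed it
        # Heuristic: subject equal to issuer means no external CA signed it.
        SelfSigned = ($_.Subject -eq $_.Issuer)
        NotBefore  = $_.NotBefore.ToString('yyyy-MM-dd')
        NotAfter   = $_.NotAfter.ToString('yyyy-MM-dd')
        DaysLeft   = $daysLeft
        Status     = $status
    }
}

# One pipe-delimited record per line so a relevance expression over
# "lines of file" can split each field without further parsing.
$rows | ForEach-Object {
    '{0}|{1}|{2}|{3}|{4}|{5}|{6}|{7}' -f $_.Thumbprint, $_.Subject, $_.IssuerCA,
        $_.SelfSigned, $_.NotBefore, $_.NotAfter, $_.DaysLeft, $_.Status
} | Set-Content -Path $OutFile -Encoding ASCII

# Also surface anything expired or expiring in the task's own output.
$rows | Where-Object { $_.Status -ne 'OK' } |
    Format-Table Subject, IssuerCA, NotAfter, Status -AutoSize
```

Running the script under the BigFix client's SYSTEM context lets it read the LocalMachine store; the same code pointed at `Cert:\CurrentUser\My` only sees that account's certificates.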