What Bigfix can offer in terms of certificate discovery?

You can sort of directly interrogate this information using relevance to inspect the registry for this info, but it is kind of painful. There is a new inspector that might help but I haven’t had a chance to try it: pem encoded certificate string of <string>: x509 certificate

This gives the raw blobs of what should be all certs:

values "Blob" of keys of keys "Certificates" of keys of keys "SOFTWARE\Microsoft\SystemCertificates" of (keys "HKEY_LOCAL_MACHINE" of it; keys of keys "HKEY_USERS" of it) of (x64 registries; x32 registries)

Examples:

• https://bigfix.me/relevance/details/3004697
• https://bigfix.me/relevance/details/3003682

Related:

• Working to detect and remove the eDellRoot malicious Root Certificate - #4 by jgstew
• Thumbprint of a certificate - #2 by Sean
• Certificate Relevance - #4 by AlanM
• Certificate information from Personal Store - #4 by jackthrppr
• Tip: Comparing really long REG_BINARY value (Sysmon Ruleset) - #2 by jgstew
• Remove Expired Windows Certificates
• Query for Certificates - #4 by BigFixMan