Updated Get-Certificate Function

It’s been a while since I first published my Get-PKICertificates function and talked about it on Hey, Scripting Guy!. In fact, that was my first guest blog that I had ever done which was an amazing opportunity that I have been fortunate to do multiple times since then. Back during that time I talked about and demoed my function to get certificates that were about to expire, which is fine and all, but that code is pretty old and was in need of a makeover.

After finally getting some free time, not only did I re-write the code, but I decided to take it a step further by removing the parameters for filtering for expiring certificates and instead just adding a ‘days until expiration’ property as well as adding a switch to include all certificates that have been archived.

Oh yea, I also changed the name from Get-PKICertificates to Get-Certificate because number 1: don’t use a plural in the noun and having PKI in the name really didn’t serve much purpose.

Because I didn’t want to worry about the user trying to filter the certificates after using the function, I went ahead and added parameters to filter the certificates by Subject, Issuer and Thumbprint. Using these parameters, I can build a filter string that allows the code to only display what the user is looking for.

Here is an example of using the function to see when the certificates will expire:

Get-Certificate | Select Subject, Thumbprint, ExpiresIn


Filtering using the parameters:

Get-Certificate -Issuer *boe*|Select Issuer, Thumbprint


Get-Certificate -Subject *Soon*


Get-Certificate -Thumbprint 9463F15498*


The filtering is done using Where-Object internally in the function by building out an arraylist containing the filters and then concatenating them using a –Join keyword.

$WhereList = New-Object System.Collections.ArrayList
If ($PSBoundParameters.ContainsKey('Issuer')) {
    [void]$WhereList.Add('$_.Issuer -LIKE $Issuer')
If ($PSBoundParameters.ContainsKey('Subject')) {
    [void]$WhereList.Add('$_.Subject -LIKE $Subject')
If ($PSBoundParameters.ContainsKey('Thumbprint')) {
    [void]$WhereList.Add('$_.Thumbprint -LIKE $Thumbprint')
If ($WhereList.count -gt 0) {
        $Where = [scriptblock]::Create($WhereList -join ' -AND ')
        Write-Debug "WhereBlock: $($Where)"

You can also view any of the archived certificates using the –IncludeArchived parameter as well. Unfortunately, I did not have any archived at this time to demo.

You can download the updated function via the link below.

Download Get-Certificate


This entry was posted in powershell and tagged , , , . Bookmark the permalink.

1 Response to Updated Get-Certificate Function

  1. mm2knet says:

    There is already a built-in command named Get-Certificate which is used to request certificates from a PKI Infrastructure.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s