"Compare-PkiCertificates.ps1" takes the thumbprints of two certificates you expect to be similar or identical, and uses your existing PowerShell colour scheme to show you where they differ.


Your environment's Warning colour (yellow in my screen-grab below) shows the bits we expect to be different (the "not before", "not after", "serial number" and "thumbprint" values) whilst your Error colour (red below) shows the "unexpected differences" like extra or missing SANs, changes to the key size, etc.



Shortcomings / weaknesses


Feed it the thumbprints of two installed certificates - a paste from the cert's MMC is fine, with spaces and that junk character that's always at the start:

PS C:\> .\Compare-PkiCertificates.ps1 -Thumbprint1 "?e9 6e 65 bc 08 0f 0b 34 94 a4 30 d5 ea 9f 2d 0a 1a fd a5 99" -Thumbprint2 "?22 c8 ee e1 f1 e9 3d 7b 38 5d 4e d9 25 f4 bc 79 00 bf 8a 3b"
PS C:\> .\Compare-PkiCertificates.ps1 -Thumbprint1 "e96e65bc080f0b3494a430d5ea9f2d0a1afda59" -Thumbprint2 "22c8eee1f1e93d7b385d4ed925f4bc7900bf8a3b"
PS C:\> .\Compare-PkiCertificates.ps1 e96e65bc080f0b3494a430d5ea9f2d0a1afda599 22c8eee1f1e93d7b385d4ed925f4bc7900bf8a3b

Revision History

v1.7: 12th May 2018

v1.6: 30th March 2018

v1.5: 24th December 2017

v1.4: 15th June 2017

v1.3 19th February 2017

v1.2 22nd January 2017

v1.1 28th April 2016

v1.0 26th March 2016


- G.