This script makes a simple web request to a web site and outputs the SSL certificate's thumbprint, expiration, issuer, common name and Subject Alternate Names.

Edit: This only works for W3SVC HTTPS calls.  If you run a Skype Edge for example this won't pull from there  :(

Had to convert the certificate from v1 to v2 to pull the SAN names from the certificate raw data.

Thanks for checking it out and I hope that you find it useful!

# SSL certificate Info Script v.1.0

# Chris Lehr

# me@chrislehr.com

# Version: 1.0

# Date: 2018-12-04

# Description - Makes a simple web request to a web site and outputs the SSL certificate thumbprint, Expiration, Issuer, Common Name and Subject Alternate Names
$URL= read-host -Prompt "Enter the URL you want cert details on (INCLUDE https://)"
$StackExAPIResponse = Invoke-WebRequest $URL -TimeoutSec 3 -ErrorAction Stop

$servicePoint = [System.Net.ServicePointManager]::FindServicePoint($URL)

write-host "Thumbprint: `t" $servicePoint.Certificate.GetCertHashString()

write-host "Expires: `t" $servicePoint.Certificate.GetExpirationDateString()

write-host "Issuer: `t" $servicePoint.Certificate.GetIssuerName()

write-host "Subject: `t" $servicePoint.Certificate.Subject


# you cannot get the SAN names from a x509certificate, but if we convert it to a x509certificate2 we then can!

$cert = $servicePoint.Certificate.GetRawCertData() 

# Create an empty X509Certificate2, then load the raw certificate bytes into it
$my_cert = new-object system.security.cryptography.x509certificates.x509certificate2

$my_cert.Import($cert)

$my_SANx = ($my_cert.Extensions | Where-Object {$_.Oid.FriendlyName -eq "subject alternative name"}).format(1) 

write-host "`nSubject Alternate Names: " 

$my_SANx = $my_SANx -replace "DNS Name=", "`t`t"

write-host $my_SANx
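
The script above reads the certificate as a side effect of an HTTP request. As an added example (not the original author's code), the function below reads the same fields directly from the TLS handshake with SslStream, so it needs only a host name and port, and it flags certificates close to expiry. The function name Get-TlsCertificateInfo, the WarnDays threshold and the example host are assumptions made for illustration.

```powershell
# Added example (not the original script): inspect the certificate presented
# in the TLS handshake itself, without issuing an HTTP request.
function Get-TlsCertificateInfo {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        [int]$WarnDays = 30          # assumed expiry-warning threshold
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate: the goal is to report what the server presents,
        # including expired or untrusted ones. No application data is sent.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)   # $HostName is also sent as SNI
            # Copy into an X509Certificate2 before the stream is disposed
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }

    # Find the SAN extension by OID (2.5.29.17); friendly names are localized.
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sans = if ($sanExt) { $sanExt.Format($true) -split "`r?`n" | Where-Object { $_ } } else { @() }

    [pscustomobject]@{
        Host        = "${HostName}:$Port"
        Thumbprint  = $cert.Thumbprint
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotBefore   = $cert.NotBefore
        NotAfter    = $cert.NotAfter
        DaysLeft    = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        ExpiresSoon = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
        SANs        = $sans
    }
}

# Usage (host name is a placeholder):
# Get-TlsCertificateInfo -HostName 'www.example.com' | Format-List
```

Because the function returns an object rather than writing to the host, its output can be piped to Where-Object or Export-Csv when checking a list of servers.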