SHA1 Certificate Signature Check (Updated)

Microsoft has plans to deprecate the use of some certificates which have SHA1 signatures. I wrote this PowerShell script to make it easier to tell if a certificate was signed with SHA1 and whether the deprecation applies.

4.5 Star
3,325 times
Add to favorites
E-mail Twitter Digg Facebook
  • How to pass parameters
    2 Posts | Last post February 28, 2018
    • Hi,
      really don't understand how to specify SYSTEM as a parameter.
    • Ok..understood..but what is "My store" ?
      I'd like to scan "Trusted Root Certification Authorities" repo fot SHA1 certs..
  • Append to $Results if a SHA1 cert is found
    1 Posts | Last post January 19, 2017
    • Hi Tim,
      Great work! I would just adjust the script to append to $Results if a SHA1 cert is found (currently, the scripts only writes that found a SHA1 cert on the console).
  • Request use cert Signing date
    2 Posts | Last post February 08, 2016
    • Hi Tim,
      Look like IE check the cert Signing time for Mark of the Web files currently, but the script use SignerCertificate.NotBefore, which is cert "valid from" field, could you please update accordingly?
    • Thanks for the feedback Peng. I'm posting a rewrite of the script now. I don't think that is included but will look into that as soon as I can.