Get-PortCertificate is a PowerShell function I wrote around a year ago to assist in working with application certificates. The function returns the certificate from a listening SSL/TLS application’s service port.

Here are a few examples of using the function:

The command returned the certificate from the Remote Desktop Service (port 3389) running on my local Windows 7 PC. The default properties show some useful information for validating the certificate including expiration dates, subject name properties, and the certificate chain status.

The target name properties tell us whether the -ComputerName passed to the function matches any of the subject names of the certificate. All of the effective subject names of a certificate are listed in the CertificateValidNames property. In the example above we supplied the hostname “Main”, which matched the certificate. If I had instead used the IP address, the TargetNameStatus would have returned invalid.

The chain properties show the results of the certificate trust chain. In this case, the certificate is self-signed and not a trusted root authority. Therefore, the certificate is not valid. Details on the trust chain results are listed in the ChainStatus and ChainStatusDetails properties.

Here’s an example showing a web certificate with a valid chain:

(The port defaults to 443 (HTTPS), so I’ve left it out of the command.)



The Amazon certificate has multiple names listed under the CertificateValidNames property, including the target name that was specified in the command (amazon.com). The certificate chain also returned good and we see all certificates making up the chain listed in the ChainPath property.
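The target-name and chain checks described above can be reproduced with the .NET SslStream class. The following is an added sketch, not the Get-PortCertificate source; the function name Test-PortCertificateSketch and its output property names are hypothetical.

```powershell
# Added illustration (hypothetical helper, not the Get-PortCertificate source).
function Test-PortCertificateSketch {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port = 443
    )

    $seen = @{}
    # The callback accepts every certificate so that invalid ones can still be
    # inspected. It only records what the TLS stack reported; the stream is
    # closed right after the handshake and never used to send data.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $policyErrors)
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = @($chain.ChainStatus   | ForEach-Object { $_.Status.ToString() })
        $seen.ChainPath    = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        # Copy the certificate so it outlives the stream.
        $seen.Certificate  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certificate
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ComputerName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            # The name passed here is the one the certificate is matched against.
            # This overload does not check revocation.
            $ssl.AuthenticateAsClient($ComputerName)
        }
        finally { $ssl.Close() }
    }
    finally { $tcp.Close() }

    $nameMismatch = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    $chainErrors  = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
    New-Object PSObject -Property @{
        Subject           = $seen.Certificate.Subject
        NotAfter          = $seen.Certificate.NotAfter
        TargetNameMatches = (([int]$seen.PolicyErrors -band $nameMismatch) -eq 0)
        ChainTrusted      = (([int]$seen.PolicyErrors -band $chainErrors) -eq 0)
        ChainStatus       = $seen.ChainStatus
        ChainPath         = $seen.ChainPath
    }
}

# Usage with the host and port from the first example on this page:
# Test-PortCertificateSketch -ComputerName Main -Port 3389
```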

I’ve included an option to export the certificate to a file by supplying a directory with the -Path parameter. In addition, you can export all certificates in a chain by including the -DownloadChain switch, as this example shows:



One more thing worth noting is the custom type name I added to the function to control the object’s default display properties. There are a number of other properties included in the object that can be of use:



That’s it for now. When I get time I’ll post more on how the script works. Until then, you can download a copy from the script center repository here:

https://gallery.technet.microsoft.com/scriptcenter/Get-the-SSL-certificate-02fea13d