none
How to get Client Certificate Value RRS feed

  • Question

  • Hello,

    I'm trying to get remote data from remote computers SCCM clients. I was looking a powershell script to get the value of Client Certificate" property but I did found anything. Do you know if there is any WMI namespace/class that I can use to get this info?


    thanks, best regards.

    

    Thursday, May 30, 2019 7:49 PM

Answers

  • I was able to get this info importing remote certificates through invoke-command and saving it into a variable and do some filtering. I leave the code line that I'm using i'm not sure if this is the perfect way to get this but at least it worked for me, I don't know to much about Certificates and SQL databases, but thanks for the assistance on this.

    $cert = Invoke-Command -computername $vms -scriptblock { dir "cert:" -Recurse | Where-Object { $_.subject -like "*CERT NAME*" } }

    ($cert -match "PKI*")

    I'n my case, our company signed certificates have a value property with the name PKI. 

    Best regards.

    • Marked as answer by D.M.L Monday, June 3, 2019 4:55 PM
    Monday, June 3, 2019 4:55 PM

All replies

  • Simple add the "Client Certificate" column in the SCCM admin console (e.g. Asset and Compliance->Devices). In the "Client Certificate" column will be either "Self-signed" or "PKI" displayed. 
    Monday, June 3, 2019 11:39 AM
  • I already did that, and as you can see on the screen I'm able to see it on the agent window but what I need to run a remote script against several computers to retrieve that value. It is the only one I have left to get on the report. I can't find the WMI namespace/class for the same. 

    I don't know much about certificates, I've also tried to navigate the SCCM certificates on each computer but don't know which value represent a PKI certificate. 

    I appreciate your help.

    Monday, June 3, 2019 11:58 AM
  • Try going to the SCCM Database and run

    Select * from vSMS_Certificate

    This should give you all of the servers and their certificates and thumbprints


    Website: www.walshamsolutions.com Technical Blog: https://www.walshamsolutions.com/technical-blog Personal Blog: https://www.walshamsolutions.com/personal-blog Twitter: Dwalshampro

    Monday, June 3, 2019 12:57 PM
  • I was able to get this info importing remote certificates through invoke-command and saving it into a variable and do some filtering. I leave the code line that I'm using i'm not sure if this is the perfect way to get this but at least it worked for me, I don't know to much about Certificates and SQL databases, but thanks for the assistance on this.

    $cert = Invoke-Command -computername $vms -scriptblock { dir "cert:" -Recurse | Where-Object { $_.subject -like "*CERT NAME*" } }

    ($cert -match "PKI*")

    I'n my case, our company signed certificates have a value property with the name PKI. 

    Best regards.

    • Marked as answer by D.M.L Monday, June 3, 2019 4:55 PM
    Monday, June 3, 2019 4:55 PM
  • For a Support SQL view you can use 

    Select AC.CertificateType from dbo.v_ActiveClients AC


    Garth Jones

    Blog: https://www.enhansoft.com/blog Old Blog: https://sccmug.ca/

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed

    Monday, June 3, 2019 5:54 PM