Public/Get-PWSHCertutilRevokedCerts.ps1
function Get-PWSHCertutilRevokedCerts {
    <#
    .SYNOPSIS
        Returns the revoked certificates held by one CA, or by every CA, in a profile.
    .DESCRIPTION
        For each CA selected from the profile, a WinRM session is obtained through
        Get-CASession, certutil -view is run with the Restrict/Out settings that
        Get-CertutilViewParams supplies for the 'revokedCerts' operation
        (revoked certificates, Disposition=21), and the CSV output is converted to
        PowerShell objects. Every object is stamped with the Profile and CAServer it
        came from.
        A CA that cannot be queried produces a non-terminating error and the
        remaining CAs are still processed.
    .PARAMETER Profile
        Name of the configuration profile to load.
    .PARAMETER CAFqdn
        Optional. Restricts the query to the CA with this FQDN; the FQDN must be
        defined in the profile or a terminating error is raised.
    .PARAMETER Credential
        Optional PSCredential used for profile auto-sync and the WinRM session.
        When omitted, the current user's identity is used.
    .EXAMPLE
        Get-PWSHCertutilRevokedCerts -Profile 'prod-pki'
        Retrieves all revoked certificates from every CA in the 'prod-pki' profile.
    .EXAMPLE
        Get-PWSHCertutilRevokedCerts -Profile 'prod-pki' | Group-Object RevokedReason
        Groups revoked certificates by revocation reason.
    .OUTPUTS
        PSCustomObject[]. One object per revoked certificate carrying Profile,
        CAServer and all configured -out fields.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param(
        [Parameter(Mandatory, Position = 0)]
        [string] $Profile,

        [Parameter()]
        [string] $CAFqdn,

        [Parameter()]
        [pscredential] $Credential
    )

    # The credential is forwarded only when the caller explicitly supplied one, so the
    # helpers fall back to the current user instead of receiving an explicit $null.
    $credentialSupplied = $PSBoundParameters.ContainsKey('Credential')

    $rawConfig = Read-ConfigFile
    $profileConfig = Get-ProfileConfig -Config $rawConfig -ProfileName $Profile

    $syncSplat = @{
        Config        = $rawConfig
        ProfileName   = $Profile
        ProfileConfig = $profileConfig
    }
    if ($credentialSupplied) {
        $syncSplat['Credential'] = $Credential
    }
    # Auto-sync returns the (possibly refreshed) profile, which replaces the one read above.
    $profileConfig = Invoke-ProfileAutoSync @syncSplat

    # Build the certutil field-name map from the synced state, when one is present.
    $fieldMap = @{}
    $nameMap = $null
    if ($profileConfig.syncState) {
        $nameMap = $profileConfig.syncState.fieldNameMap
    }
    if ($nameMap) {
        foreach ($property in $nameMap.PSObject.Properties) {
            $fieldMap[$property.Name] = $property.Value
        }
    }

    $viewParams = Get-CertutilViewParams -ProfileConfig $profileConfig -Operation 'revokedCerts'

    # Select the CA set: the single named CA (which must exist in the profile) or all CAs.
    if ($PSBoundParameters.ContainsKey('CAFqdn')) {
        $targetCAs = $profileConfig.cas | Where-Object { $_.fqdn -eq $CAFqdn }
        if (-not $targetCAs) {
            throw "CA '$CAFqdn' is not defined in profile '$Profile'."
        }
    }
    else {
        $targetCAs = $profileConfig.cas
    }

    foreach ($ca in $targetCAs) {
        try {
            $sessionSplat = @{
                CAFqdn         = $ca.fqdn
                RemotingConfig = $profileConfig.remoting
            }
            if ($credentialSupplied) {
                $sessionSplat['Credential'] = $Credential
            }
            $session = Get-CASession @sessionSplat

            # NOTE(review): the session is never removed here; presumably Get-CASession
            # owns its lifetime (reuse or cleanup) - confirm against that helper.
            $rawOutput = Invoke-CertutilView -Session $session -Restrict $viewParams.Restrict -Out $viewParams.Out

            ConvertFrom-CertutilCsv -RawOutput $rawOutput -FieldMap $fieldMap |
                Add-ResultMetadata -Profile $Profile -CAServer $ca.fqdn
        }
        catch {
            # Non-terminating on purpose: one unreachable CA must not hide the others' results.
            Write-Error "Failed to query revoked certs from '$($ca.fqdn)': $_"
        }
    }
}