function Get-PortCertificate {
        Returns certificate information from a listening TLS/SSL service port.
        Gets the associated certificate from a TLS/SSL application service port.
    .PARAMETER Computername
        Hostname or IP address of the target system (Default: localhost). The function uses the supplied computername to validate with the certificate's subject name(s).
        Port to retrieve SSL certificate (Default: 443).
        Directory path to save SSL certificate(s).
    .PARAMETER DownloadChain
        Save all chain certificates to file. A certificate chain folder will be created under the specfied -path directory. -DownloadChain is dependent on the path parameter.
        Name: Get-PortCertificate
        Author: Caleb Keene
        Updated: 08-30-2016
        Version: 1.2
        Get-PortCertificate -Computername Server1 -Port 3389 -Path C:\temp -verbose
        "server1","server2","server3" | Get-PortCertificate
            [Parameter(Mandatory = $false, ValueFromPipeline = $true, Position = 0)]
            [string]$ComputerName =  $env:COMPUTERNAME,  
            [Parameter(Mandatory = $false,Position = 1)]
            [int]$Port = 443,
            [Parameter(Mandatory = $false)]
        #use a dynamic parameter to prevent -downloadchain without -path.
        DynamicParam {
            #Need some sort of conditional check before allowing Dynamic Parameter
            If ($PSBoundParameters.ContainsKey('Path')) {
                #Same as [Parameter()]
                $attribute = new-object System.Management.Automation.ParameterAttribute
                $attribute.Mandatory = $false
                $AttributeCollection = new-object -Type System.Collections.ObjectModel.Collection[System.Attribute]
                #Build out the Dynamic Parameter
                # Need the Parameter Name, Type and Attribute Collection (Built already)
                $DynamicParam = new-object -Type System.Management.Automation.RuntimeDefinedParameter("DownloadChain", [switch], $AttributeCollection)
                $ParamDictionary = new-object -Type System.Management.Automation.RuntimeDefinedParameterDictionary
                $ParamDictionary.Add("DownloadChain", $DynamicParam)
                return $ParamDictionary
            #make sure the version is supported
            if ($psversiontable.psversion.Major -le 2 ){
                    Write-warning "Function requires PowerShell version 3 or later."
            #add a custom type name to control our objects default display properties
            try{ Update-TypeData -TypeName 'Get.PortCertificate' -DefaultDisplayPropertySet Subject,Issuer,NotAfter,NotBefore,ExpiresIn,CertificateValidNames,TargetName,TargetNameStatus,TargetNameStatusDetails,TargetNameIsValid,ChainPath,ChainStatus,ChainStatusDetails,CertificateIsValid -ErrorAction stop}
            #validate that the path is a filesystem directory
            if ($path) { 
                if(-not(test-path -PathType Container FileSystem::$path)){
                    Write-warning "The supplied directory path is not valid: $path"
        Process {
            #make sure we are able to establish a port connection
            #Set our connection timeout
            $timeout = 1000
            #Create object to test the port connection
            $tcpobject = New-Object System.Net.Sockets.TcpClient 
            #Connect to remote port
            $connect = $tcpobject.BeginConnect($ComputerName,$Port,$null,$null) 
            #Configure connection timeout
            $wait = $connect.AsyncWaitHandle.WaitOne($timeout,$false) 
            If (-NOT $Wait) {
                Write-Warning "[$($ComputerName)] Connection to port $($Port) timed out after $($timeout) milliseconds"
            } Else {
                Try {
                    Write-Verbose "[$($ComputerName)] Successfully connected to port $($Port). Good!"
                } Catch {
                    Write-Warning "[$($ComputerName)] $_"
            #Note: This also works for validating the port connection, but the default timeout when unable to connect is a bit long.
            try {
                (New-Object -ArgumentList $computername,$port -ErrorAction stop).Connected
                Write-Warning ("Unable to connect to {0} on port {1}"-f$ComputerName,$Port)

            Write-Verbose "[$($ComputerName)] Getting SSL certificate from port $($Port)."
            #create our webrequest object for the ssl connection
            $sslrequest = [Net.WebRequest]::Create("https://$ComputerName`:$port")
            #make the connection and store the response (if any).
            try{$Response = $sslrequest.GetResponse()}
            #load the returned SSL certificate using x509certificate2 class
            if ($certificate = [Security.Cryptography.X509Certificates.X509Certificate2]$sslrequest.ServicePoint.Certificate.Handle){
                Write-Verbose "[$($ComputerName)] Certificate found! Building certificate chain information and object data."
                #build our certificate chain object
                $chain = [Security.Cryptography.X509Certificates.X509Chain]::create()
                $isValid = $chain.Build($certificate)
                #get certificate subject names from our certificate extensions
                $validnames = @()
                try{[array]$validnames += @(($certificate.Extensions | Where-Object {$_.Oid.Value -eq ""}).Format($true).split("`n") | Where-Object {$_} | ForEach-Object {$_.split("=")[1].trim()})}catch{}
                try{[array]$validnames += @($certificate.subject.split(",")[0].split("=")[1].trim())}catch{}
                #validate the target name
                for($i=0;$i -le $validnames.count - 1;$i++){
                    if ($validnames[$i] -match '^\*'){
                        $wildcard = $validnames[$i] -replace '^\*\.'
                        if($computername -match "$wildcard$"){
                            $TargetNameIsValid = $true
                        $TargetNameIsValid = $false
                        if($validnames[$i] -match "^$ComputerName$"){
                            $TargetNameIsValid = $true
                        $TargetNameIsValid = $false
                #create custom object to later convert to PSobject (required in order to use the custom type name's default display properties)
                $customized = $certificate | Select-Object *,
                    @{n="ExtensionData";e={$_.Extensions | ForEach-Object {@{$_.oid.friendlyname.trim()=$_.format($true).trim()}}}},
                    @{n="ResponseUri";e={if ($Response.ResponseUri){$Response.ResponseUri}else{$false}}},
                    @{n="ExpiresIn";e={if((get-date) -gt $_.NotAfter){"Certificate has expired!"}else{$timespan = New-TimeSpan -end $_.notafter;"{0} Days - {1} Hours - {2} Minutes" -f $timespan.days,$timespan.hours,$timespan.minutes}}},
                    @{n="ChainPath";e={$count=0;$chaincerts = @($chain.ChainElements.certificate.subject);$($chaincerts[($chaincerts.length -1) .. 0] | ForEach-Object {"{0,$(5+$count)}{1}" -f "---",$_;$count+=3}) -join "`n"}},
                    @{n="ChainStatus";e={if($isvalid -and !$_.chainstatus){"Good"}else{$chain.chainstatus.Status}}},
                    @{n="ChainStatusDetails";e={if($isvalid -and !$_.chainstatus){"The certificate chain is valid."}else{$chain.chainstatus.StatusInformation.trim()}}},
                    @{n="TargetNameStatusDetails";e={if($TargetNameIsValid){"The target name appears to be valid: $computername"}else{"TargetName $computername does not match any certificate subject name."}}} 
                #get object properties for our PSObject
                $objecthash = [Ordered]@{}
                ($customized | Get-Member -MemberType Properties).name | ForEach-Object {$objecthash+=@{$_=$customized.$_}}
                #create the PSObject
                $psobject = New-Object psobject -Property $objecthash
                #add the custom type name to the PSObject
                #save our certificate(s) to file if applicable
                if ($path){
                    write-verbose "Saving certificate(s) to file."
                    try {
                        $psobject.RawData | Set-Content -Encoding Byte -Path "$path\Cert`_$ComputerName`_$port`.cer" -ErrorAction stop
                        write-verbose "Certificate saved to $path\Cert`_$ComputerName`_$port`.cer."
                    catch{write-warning ("Unable to save certificate to {0}: {1}" -f "$path\Cert`_$ComputerName`_$port`.cer",$_.exception.message)}
                        New-Item -ItemType directory -path "$path\ChainCerts`_$ComputerName`_$port" -ErrorAction SilentlyContinue > $null
                        $psobject.chaincertificates.certificates | ForEach-Object {
                            try {
                                Set-Content $_.RawData -Encoding Byte -Path "$path\ChainCerts`_$ComputerName`_$port\$($_.thumbprint)`.cer" -ErrorAction stop
                                write-verbose "Certificate chain certificate saved to $path\ChainCerts`_$ComputerName`_$port\$($_.thumbprint)`.cer."
                                write-warning ("Unable to save certificate chain certificate to {0}: {1}" -f "$path\ChainCerts`_$ComputerName`_$port",$_.exception.message)
                #abort any connections
                #return the object
                #we were able to connect to the port but no ssl certificate was returned
                write-warning ("[{0}] No certificate returned on port {1}."-f $ComputerName,$Port)
                #abort any connections