im am having issues using the get-childitem command on certs and the -eku parmateter see below
same issue if I use
get-childitem -path cert:\currentuser -recurse -eku “client”
or
PS Cert:> get-childitem -eku “client”
Get-ChildItem : A parameter cannot be found that matches parameter name ‘eku’.
At line:1 char:15
PS Cert:> PS Cert:> Get-ChildItem -Path .\CurrentUser\ -Recurse -Eku ‘client’
Get-Process : A positional parameter cannot be found that accepts argument ‘Get-ChildItem’.
At line:1 char:1
yes that was copy paste error but still same problem
PS Cert:> Get-ChildItem -Path .\CurrentUser\ -Recurse -Eku “Client”
Get-ChildItem : A parameter cannot be found that matches parameter name ‘Eku’.
At line:1 char:46
I think I may have found the issue, what OS are you running?
It doesn’t work on my Windows 7 or 2008R2 machines, even with PS 5.1 however on my 2012R2 boxes it’s fine, I noticed this on the documentation page:
The new dynamic parameters work in Windows PowerShell 3.0 and newer releases of Windows PowerShell, running on Windows 8, Windows Server 2012 and newer releases of the Windows operating system.
My machine has v5.1 which works as I described above. It doesn’t work on v6 though
get-help certificate
shows this under dynamic parameters
Cmdlets Supported: Get-ChildItem
-EKU
Gets certificates that have the specified text or text pattern in the EnhancedKeyUsageList property of the
certificate. Wildcard characters (*) are permitted. The EnhancedKeyUsageList property contains the friendly
name and the OID fields of the EKU.
Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, all EKU searches
return certificates that have an empty EnhancedKeyUsageList property value.
This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on
certificates.
This parameter was introduced in Windows PowerShell 3.0.
It should work. Do you have admin privileges on the machine on which you’re trying this?
Finding about to expire certificates the PowerShell 2.0 way
If you are using Windows PowerShell 2.0 (or if you just like to type), you can still find certificates that are about to expire by using the Get-ChildItem cmdlet on your Cert: PSDrive, and then piping the results to the Where-Object.