Trying to get Signing Algorithm for Personal Store Certificates

Hi all,

I have a reasonably straightforward script which provides me with various Certificate items based on using the ‘Get-Child-Item -Recurse’ CMDLET within a scriptblock from a list of servers, this has been working fine for my needs until I recently have been asked to provide the hash algorithm of these certificates I.E. SHa1, SHA2 etc.

I have looked into the SignatureAlgorithm.FriendlyName object to return this but unfortunately it does not seem to work

Even from a server if I change to the Certificate provider and attempt to get the algorithm info as below here is what I receive:

PS Cert:\LocalMachine> gci -Recurse | Select -Property SignatureAlgorithm

SignatureAlgorithm

System.Security.Cryptography.Oid

I have truncated the results but obviously there is no hash value being displayed

Also, if I use the following ‘signature.algorithm.friendlyname’ then no results get displayed at all ??

PS Cert:\LocalMachine> gci -Recurse | Select -Property SignatureAlgorithm.friendlyname

SignatureAlgorithm.friendlyname

Please help?

Many thanks in advance.

Have you tried piping to get-filehash?

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-5.1

$CertList = Get-ChildItem -Path Cert:\LocalMachine -Recurse | ? { $_.SignatureAlgorithm } 
$CertList | select @{n='Algorithm';e={$_.SignatureAlgorithm.FriendlyName}},Subject

Thanks for your help guys,
Sam, I used the second line of your suggested code which provided the signature algorithm value per certificate in conjunction with my other values per certificate per server adding it into my overall exported csv file.
However, do you know of any documentation which will fully explain the syntax for this will help me fully understand?

Many thanks for your help guys.

Hi Sam,

very good script
how i can find certificate that will be expaired next month

Thanks