One-Liner(s): X509 Certificate Store Names and You

All right, we know that we can access a remote computer's various X509Certificate stores via .NET, and 'My' corresponds to "Local Computer\Personal\Certificates". What are the other names?

https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.storename.aspx

That gives us the details, but on some of my lab boxes, some of it didn't work. Specifically, I couldn't pull the Intermediate Certification Authorities list.

Per the above, that's the 'CertificateAuthority' X509Certificate store. In fact, we can enumerate the StoreName enum as follows

[Enum]::GetNames([System.Security.Cryptography.X509Certificates.Storename])

So, it says 'CertificateAuthority' all right. And it doesn't work with my box, all right. So, what to do?

Get-ChildItem cert:\LocalMachine | % { $_.Name }

That works for the local box. How about for my remote box? PSRemoting to the rescue.

Invoke-Command -ComputerName $ComputerName -ScriptBlock { Get-ChildItem cert:\LocalMachine | % { $_.Name } }

Comments

• Anonymous
  December 05, 2013
  Hey !! I am so interesting in this, do you have some more code or simple regarding this, I am implementng a XML signer using Smart card digital cerificiate, but  I need to sign the XML with the certificate in the user computer from my website, so far I have no clue have to do it, if I need Access the usb port from the web site or I just need to acess the remote store certificates. I appreciate any help on this, Andres