Method

GetCertificates

Module

Security

Library

Security

Action

Returns every certificate in the local machine cert store (as the agent is run as Local System).

Parameters

Store (string; optional): The name of the store certificates are to be retrieved from.

The short name of the store is preferable. If you use a long (friendly) name, the agent will attempt to map it to a store name. For example, 'Personal' would be mapped to 'My'.

The agent can translate a number of default store names. If the agent cannot translate the name supplied, it will attempt to use the supplied string as the actual name of the store and open it anyway.

If Store is not supplied, the agent will iterate through the predefined system stores (Intermediate Certification Authorities, Trusted Root Certification Authorities, Third-Party Certification Authorities, Enterprise Trust, Other People, Trusted People, Trusted Publisher and Untrusted Certificates), so you may get multiple hits for a particular certificate if it exists in multiple stores.

Return values

FriendlyName (string): The "friendly name" field associated with the certificate. 

This is not actually part of the certificate, and a certificate could have a different friendly name associated with it on different devices, as it can be changed after issuing.

Subject (string): The Subject field of the certificate. This contains the Common Name of the certificate, but may also contain other entries.

Issuer (string): The Issuer field of the certificate. This contains the Issuer of the certificate.

IssuerThumbprint (string): The thumbprint (SHA1 hash) of the issuing certificate. Empty if this is a root certificate or the issuer is unavailable. New in v8.1.

Thumbprint (string): The SHA1 hash of the certificate. It identifies the certificate and is globally unique.

EffectiveDate (string): The date at which the certificate becomes valid ('NotBefore').

ExpirationDate (string): The date at which the certificate is no longer valid ('NotAfter').

SerialNumber (string): This is the serial number of the certificate. Do NOT use this to uniquely identify a certificate.

SerialNumber is only unique to the CA that issued the certificate; it is not globally unique.

StoreName (string): This is the long name of the store the certificate was retrieved from.

Example

Get information about all certificates in the local machine's certificate store:

Security.GetCertificates();
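
Post-processing the returned rows, as an added example that is not part of the original documentation: it collapses the per-store hits described under Parameters into one record per Thumbprint and shows why SerialNumber cannot serve as a key. The rows are constructed sample data using the field names from "Return values"; the function names and the thumbprint normalisation are assumptions.

```python
from collections import defaultdict

# Constructed sample rows using the field names from "Return values".
# Thumbprints, subjects and serial numbers are made up for illustration.
ROWS = [
    {"Subject": "CN=Example Root CA", "Issuer": "CN=Example Root CA",
     "Thumbprint": "AA" * 20, "SerialNumber": "01",
     "StoreName": "Trusted Root Certification Authorities"},
    {"Subject": "CN=Example Root CA", "Issuer": "CN=Example Root CA",
     "Thumbprint": "AA" * 20, "SerialNumber": "01",
     "StoreName": "Enterprise Trust"},
    {"Subject": "CN=Other Issuing CA", "Issuer": "CN=Other Root CA",
     "Thumbprint": "BB" * 20, "SerialNumber": "01",
     "StoreName": "Intermediate Certification Authorities"},
    {"Subject": "CN=Revoked Signer", "Issuer": "CN=Example Root CA",
     "Thumbprint": "CC" * 20, "SerialNumber": "2F",
     "StoreName": "Untrusted Certificates"},
]


def consolidate(rows):
    """Collapse per-store hits into one record per Thumbprint."""
    certs = {}
    for row in rows:
        # Assumption: case and spacing of the thumbprint string may vary.
        key = row["Thumbprint"].replace(" ", "").upper()
        cert = certs.setdefault(key, {**row, "Thumbprint": key, "Stores": []})
        if row["StoreName"] not in cert["Stores"]:
            cert["Stores"].append(row["StoreName"])
    for cert in certs.values():
        cert.pop("StoreName", None)  # replaced by the merged "Stores" list
    return certs


def ambiguous_serials(certs):
    """Return serial numbers that belong to more than one distinct certificate."""
    by_serial = defaultdict(set)
    for thumbprint, cert in certs.items():
        by_serial[cert["SerialNumber"].upper()].add(thumbprint)
    return {s: sorted(t) for s, t in by_serial.items() if len(t) > 1}


if __name__ == "__main__":
    inventory = consolidate(ROWS)
    for thumbprint, cert in inventory.items():
        print(thumbprint, cert["Subject"], cert["Stores"])
    print("Serials shared by different certificates:", ambiguous_serials(inventory))
```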

Platforms

  • Windows

Notes

Use the Windows command certutil -enumstore to see mappings of the short name to long (friendly) name of all the certificate stores on your PC.
For example:

  My                 "Personal"
  Root               "Trusted Root Certification Authorities"
  Trust              "Enterprise Trust"
  CA                 "Intermediate Certification Authorities"
  TrustedPublisher   "Trusted Publishers"
  Disallowed         "Untrusted Certificates"
  AuthRoot           "Third-Party Root Certification Authorities"
  TrustedPeople      "Trusted People"
  ClientAuthIssuer   "Client Authentication Issuers"
  ADDRESSBOOK        "Other People"
  Remote Desktop     "Remote Desktop"
  REQUEST            "Certificate Enrolment Requests"
  SmartCardRoot      "Smart Card Trusted Roots"
  TrustedAppRoot     "Trusted Packaged App Installation Authorities"
  TrustedDevices     "Trusted Devices"