Returns every certificate in the local machine cert store (as the agent is run as Local System).

ParametersStore (string; optional): The name of the store certificates are to be retrieved from. It is preferred that this is the actual name of the store. If a friendly name is supplied, the agent will attempt to map it to a store name. For example, 'Personal' would be mapped to 'My'. The agent can translate a number of default store names. If the agent cannot translate the name supplied, it will attempt to use the supplied string as the actual name of the store and open it anyway. If this is not supplied, the agent will iterate through predefined system stores (and thus you may actually get multiple hits for a particular certificate if it exists in multiple stores).
Return values

FriendlyName (string): The "friendly name" field associated with the certificate. 

This is not actually part of the certificate, and a certificate could have a different friendly name associated with it on different devices, as it can be changed after issuing.

Subject (string): The Subject field of the certificate. This contains the Common Name of the certificate, but may also contain other entries.

Issuer (string): The Issuer field of the certificate. This contains the Issuer of the certificate.

Thumbprint (string): This is the SHA1 hash of the certificate, it identifies the certificate and is globally unique.

EffectiveDate (string): This is the date at which the certificate becomes valid. ('NotBefore')

ExpirationDate (string): This is the date at which the certificate is no longer valid. ('NotAfter')

SerialNumber (string): This is the serial number of the certificate. Do NOT use this to uniquely identify a certificate.

SerialNumber is unique to the CA that issued the certificate, it is not globally unique.

StoreName(string): This is the store the certificate was retrieved from.


Get information about all certificates in the local machine's certificate store:

  • Windows