Returns all non-timestamping certificates used in an authenticode signature.
If a certificate chain cannot be built on a device, for example if certificates are missing from the certificate store, the chain returned may be incorrect and will reflect this. This will also affect the
The CertificateType return value is inferred from the depth of the certificate in the chain built by the device. A depth 0 certificate can be marked as 'Self-signed' if no other certs in its trust chain can be found.
If you're dealing with multiple CAs, this isn't a good way to specify a cert. I've seen a bunch of certs with a SerialNumber of
HashAlgorithm (string): This is the hashing algorithm of the hash used to create the digital signature. If the hashing algorithm used is SHA-1, SHA-256, SHA-384 or SHA-512, the return values will be "SHA1", "SHA256", "SHA384" and "SHA512" respectively. Other hashing algorithms will return an OID, such as "1.2.840.1135126.96.36.199". These OIDs are searchable online, on sites such as oidref.com.
Does not return the time-stamping certificates.