Check for certificate signing algorithm from a web server using powershell. Based on the Test-WebServerSSL cmdlet from http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?List=332991f0-bfed-4143-9eea-f521167d287c&ID=60 which is the same as https://pspki.codeplex.com/wikipage?title=Test-WebServerSSL I think. Modified with input from the Philly Powershell user group to make it a bit more useful.
function get-SSLSigningAlgorithm {
[CmdletBinding()]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
[string]$URL,
[Parameter(Position = 1)]
[ValidateRange(1,65535)]
[int]$Port = 443,
[Parameter(Position = 2)]
[Net.WebProxy]$Proxy,
[Parameter(Position = 3)]
[int]$Timeout = 15000,
[switch]$UseUserContext
)
$ConnectString = "https://$url`:$port"
$WebRequest = [Net.WebRequest]::Create($ConnectString)
$WebRequest.Proxy = $Proxy
$WebRequest.Credentials = $null
$WebRequest.Timeout = $Timeout
$WebRequest.AllowAutoRedirect = $true
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
try {
$Response = $WebRequest.GetResponse()
}
catch {
Write-Error $_.Exception
continue
}
if ($WebRequest.ServicePoint.Certificate -ne $null) {
$Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle
$properties = @{'SignatureAlgorithm'=$Cert.SignatureAlgorithm.FriendlyName;
'CertExpiration'=$Cert.NotAfter;
'FullCert'=$Cert}
$object = New-Object -TypeName PSObject –Prop $properties
Write-Output $object;
} else {
Write-Error $Error[0]
}
}