derekmurawsky
9/17/2014 - 6:42 PM

Check for certificate signing algorithm from a web server using powershell. Based on the Test-WebServerSSL cmdlet from http://en-us.sysadmin

Check the certificate signing algorithm of a web server using PowerShell. Based on the Test-WebServerSSL cmdlet from http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?List=332991f0-bfed-4143-9eea-f521167d287c&ID=60, which I think is the same as https://pspki.codeplex.com/wikipage?title=Test-WebServerSSL. Modified with input from the Philly PowerShell user group to make it a bit more useful.

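function get-SSLSigningAlgorithm {
<#
.SYNOPSIS
    Reports the signature algorithm and expiry date of the certificate a web
    server presents over HTTPS.

.DESCRIPTION
    Sends a request to https://<URL>:<Port> and reads the certificate from the
    request's ServicePoint. Certificate validation is switched off for the
    duration of the request so that expired, self-signed or otherwise untrusted
    certificates can still be inspected. The certificate returned is therefore
    NOT validated: use the output for inventory and auditing (for example,
    finding certificates signed with a weak hash), never as evidence that the
    server is trusted.

.PARAMETER URL
    Host name of the server. It is inserted into "https://<URL>:<Port>", so pass
    a bare host name rather than a full URL. Accepts pipeline input.

.PARAMETER Port
    TCP port to connect to (1-65535). Defaults to 443.

.PARAMETER Proxy
    Optional Net.WebProxy assigned to the request.

.PARAMETER Timeout
    Value assigned to the request's Timeout property (milliseconds).
    Defaults to 15000.

.PARAMETER UseUserContext
    Declared but not read anywhere in this function.

.OUTPUTS
    PSObject with the properties SignatureAlgorithm, CertExpiration and FullCert.
#>
[CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
        [string]$URL,
        [Parameter(Position = 1)]
        [ValidateRange(1,65535)]
        [int]$Port = 443,
        [Parameter(Position = 2)]
        [Net.WebProxy]$Proxy,
        [Parameter(Position = 3)]
        [int]$Timeout = 15000,
        [switch]$UseUserContext
    )
    # A process block is required for ValueFromPipeline to handle every piped
    # host; without it only the last pipeline item would be checked.
    process {
        $ConnectString = "https://$url`:$port"
        $WebRequest = [Net.WebRequest]::Create($ConnectString)
        $WebRequest.Proxy = $Proxy
        $WebRequest.Credentials = $null
        $WebRequest.Timeout = $Timeout
        $WebRequest.AllowAutoRedirect = $true

        # ServicePointManager's callback is process-wide: while it returns $true,
        # EVERY HTTPS request made through it in this session accepts any
        # certificate. Remember the previous value and put it back in 'finally'
        # so validation is not left disabled after this function returns.
        $PreviousCallback = [Net.ServicePointManager]::ServerCertificateValidationCallback
        $Response = $null
        try {
            [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
            try {
                $Response = $WebRequest.GetResponse()
            }
            catch {
                Write-Error $_.Exception
                # 'return', not 'continue': there is no enclosing loop here, and
                # 'continue' outside a loop would abort the caller's script.
                return
            }
            if ($null -ne $WebRequest.ServicePoint.Certificate) {
                $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle
                $properties = @{'SignatureAlgorithm'=$Cert.SignatureAlgorithm.FriendlyName;
                        'CertExpiration'=$Cert.NotAfter;
                        'FullCert'=$Cert}
                # ASCII hyphen and full parameter name; the original used an en dash.
                $object = New-Object -TypeName PSObject -Property $properties
                Write-Output $object
            } else {
                Write-Error $Error[0]
            }
        }
        finally {
            # Re-enable whatever validation was in effect before the call.
            [Net.ServicePointManager]::ServerCertificateValidationCallback = $PreviousCallback
            # Release the connection held by the response.
            if ($null -ne $Response) {
                $Response.Close()
            }
        }
    }
}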