Discussion
One useful feature of the certificate provider is that it provides a –CodeSign parameter that lets you search for certificates in the certificate store that support code signing. Code signing certificates are not the only kind of certificates, however; other frequently used certificate types are Encrypting File System, Client Authentication, and more.
Example 166 lets you search the certificate provider for certificates that support a given Enhanced Key Usage (EKU).
Example 166. SearchCertificateStore.ps1
############################################################################## ## ## SearchCertificateStore.ps1 ## ## Search the certificate provider for certificates that match the specified ## Enhanced Key Usage (EKU.) ## ## ie: ## ## PS >SearchCertificateStore "Encrypting File System" ## ##############################################################################
param( $ekuName = $(throw "Please specify the friendly name of an " + "Enhanced Key Usage (such as 'Code Signing'") )
Example 166. SearchCertificateStore.ps1 (continued)
## Go through every certificate in the current user's "My" store foreach($cert in GetChildItem cert:\CurrentUser\My) {
## For each of those, go through its extensions foreach($extension in $cert.Extensions) {
## For each extension, go through its Enhanced Key Usages foreach($certEku in $extension.EnhancedKeyUsages) {
## If the friendly name matches, output that certificate if($certEku.FriendlyName eq $ekuName) {
$cert } } } }
