Client Management Suite

 View Only

  • 1.  List of Certificates

    Posted Aug 11, 2020 07:27 AM
    Does anyone have a powershell script or vbs script to list all the certs that is shown from the Diagnostics plugin? I can find it manually by registering the Diagnostics plugin and activating the Certificates page, but I want to view the information via script. I couldn't find anything in the ASDK for this.


  • 2.  RE: List of Certificates
    Best Answer

    Broadcom Employee
    Posted Aug 25, 2020 06:06 AM
    There is AEXAGENTUTIL command-line utility in the agent folder.

    You can use the following command to list all the certificates registered by the agent.
    AeXAgentUtil /findcert

    There are two versions of the utility - one with .COM and one with .EXE extension. One with .COM extension outputs the results to the Windows console so you should use either
    aexagentutil.com /findcert
    or
    aexagentutil /findcert

    aexagentutil.exe /findcert 
    will output nothing

    use aexagentutil /? to get the list of all the commands.

    hope that helps,
    sergei
    Original Message


  • 3.  RE: List of Certificates

    Posted Aug 25, 2020 08:07 AM
    ​Better than nothing. If I find a way to create objects for each cert, I'll post it.
    Original Message


  • 4.  RE: List of Certificates

    Posted Aug 27, 2020 11:26 PM
    This is the powershell script to turn the output of AeXAgentUtil.com into objects in powershell.Sorry about the formatting. The forum does have a code insert for powershell.

    #Path to AeXAgentUtil.com
    $AexAgentUtilPath="C:\Program Files\Altiris\Altiris Agent\AeXAgentUtil.com"
    #Find certs related to SMA
    $certs=& $AexAgentUtilPath /findcert

    #Add double quotes to each line for data integrity and allows me to see an empty so and use that as a separator
    #Then joined all lines as 1 big string
    #After that I split each double doublequote, so it separates each certificate in it's own individual line
    #I skip the last 3 lines cause they are not needed
    $AllCerts=(($certs |ForEach-Object -Process {
    """$_"""
    }) -join "#" -split """""") | Select-Object -SkipLast 3

    #Remove CertsList if it exists, so this script can be run multiple times
    Remove-Variable -Name CertsList
    $AllCerts | ForEach-Object -Process {
    #Created an array by splitting # and filtering out all the empty lines
    #Re-joined it back into a single string
    <#
    replaced the matched string (, "#" ) so that a location can look correctly from a cert by making it one single line
    EG: Note: This is split on 2 lines:
    US, New York, New York, Company, Department,
    Server.Domain.com, user@email.com
    #>
    #Replaced matched string (#" ) with (;"), so multiple lines of the same field can be split later
    #This will create an array with the individual fields are on it's own line and not on multiple lines
    #To look at how the data looks like before formatting, just run $_ -split "#"
    $Trimmed=($_ -split "#" | Where-Object -FilterScript {$_ -ne ""}) -join "#" -replace ", ""#"" ",", " -replace "#"" ",";"""
    #$Trimmed | Where-Object -FilterScript {
    #Splits each field
    #Replaces (-replace "^""") the double quotes at the beginning of the string
    #Replaces (-replace """$") the double quotes at the end of the string
    #Replaces the string (";") with just ;, so it removes the double quotes
    $TrimmedSplit=$Trimmed -split "#" -replace "^""" -replace """$" -replace " " -replace """;""",";"
    #Creating an array for each certificate
    #$TrimmedSplit[index] splits the colon so it is an object
    <#
    This section removes the field name along with the colon
    If the string has a semi-colon, then it means the field has multiple lines
    The if statement will split the semi-colon into mutliple lines like how it is seen in the command line version
    ($TrimmedSplit[1] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    #>
    $CertsList+=@(New-Object -TypeName psobject -Property @{
    Certificate=$TrimmedSplit[0]
    ($TrimmedSplit[1] -split ":")[0]=($TrimmedSplit[1] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[2] -split ":")[0]=($TrimmedSplit[2] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[3] -split ":")[0]=($TrimmedSplit[3] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[4] -split ":")[0]=($TrimmedSplit[4] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[5] -split ":")[0]=($TrimmedSplit[5] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[6] -split ":")[0]=($TrimmedSplit[6] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[7] -split ":")[0]=($TrimmedSplit[7] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[8] -split ":")[0]=($TrimmedSplit[8] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[9] -split ":")[0]=($TrimmedSplit[9] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[10] -split ":")[0]=($TrimmedSplit[10] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[11] -split ":")[0]=($TrimmedSplit[11] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[12] -split ":")[0]=($TrimmedSplit[12] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    ($TrimmedSplit[13] -split ":")[0]=($TrimmedSplit[13] -replace "^[^:]*:\s*" -split ";" |`
    Where-Object -FilterScript {
    If ($_ -match ";") {
    $_ -split ";"
    } else {
    $_
    }
    })
    })
    }


  • 5.  RE: List of Certificates

    Posted May 24, 2022 10:48 AM

    I know I'm extremely late to the party on a response. I found this post helpful and wanted to share another version of this script that's a little more optimized and might be helpful to someone looking to output the Altiris Agent CEM certificates....

    ## TRANSLATES VARIOUS CULTURES DATETIMESTRING FORMATS FROM THE /FINDCERTS COMMAND LINE OUTPUT
    Function FormatDateTime_String {
    param([string]$DateString)
    $culture_name = $((Get-Culture).name)
    $culture = [Globalization.CultureInfo]::CreateSpecificCulture($culture_name)
    $CultureDateTimeFormat = (Get-Culture).DateTimeFormat
    $DateFormat = $CultureDateTimeFormat.ShortDatePattern
    $TimeFormat = $CultureDateTimeFormat.LongTimePattern
    $DateTimeFormat = "$DateFormat $TimeFormat"
    $FormatDate = 'MM/dd/yyyy h:mm tt'

    $DateTime_OutPut =
    IF ($DateString -AS [DATETIME]) {GET-DATE $DateString -Format $FormatDate}
    ELSEIF ($(try {([DATETIME]::ParseExact($DateString,"M/d/yyyy h:mm:ss",$NULL))} catch {$NULL}) -AS [DATETIME]) {GET-DATE ([DATETIME]::ParseExact($DateString,"M/d/yyyy h:mm:ss",$NULL)) -FORMAT $FormatDate}
    ELSEIF ($(try {([DATETIME]::ParseExact($DateString,"d/MM/yyyy h:mm:ss tt",$NULL))} catch {$NULL}) -AS [DATETIME]) {GET-DATE ([DATETIME]::ParseExact($DateString,"M/d/yyyy h:mm:ss",$NULL)) -FORMAT $FormatDate}
    ELSEIF ($(try {([DATETIME]::ParseExact($DateString,$DateTimeFormat,$culture))} catch {$NULL}) -AS [DATETIME]) {GET-DATE ([DATETIME]::ParseExact($DateString,$DateTimeFormat,$culture)) -FORMAT $FormatDate}
    ELSE {$($DateString)}
    Return $DateTime_OutPut
    }

    $InstallDir = (Get-ItemProperty 'HKLM:\Software\Altiris\Altiris Agent' -ErrorAction SilentlyContinue).InstallDir
    $AexAgentUtil = $InstallDir + '\AeXAgentUtil.com'

    ## RETRIEVE INSTALLED ALTIRIS CERTIFICATES
    $Certs = & $AeXAgentUtil /findcert /eng
    $Altiris_Certificates = @() ; $i = 1
    #Filter out unneeded lines from AeXAgentUtil /findcert output
    $Details = $Certs | select-string "Certificate ([1-9]|[1-4][0-9]|[5][0])$",'^[A-z]|[-]+:'
    $Certs | select-string "Certificate ([1-9]|[1-4][0-9]|[5][0])$","^[A-z]|[-]+:" | % {
    $i+=1
    IF ($_ -match '^Certificate ([1-9]|[1-4][0-9]|[5][0])$') {
    $skiplines = $i+11
    $Altiris_Certificates += @( [pscustomobject] @{
    'Certificate' = $details[($i-2)];
    'Thumbprint' = ($details[($i-1)] -split ":",2)[1].TRIM() ;
    'Serial Number' = ($details[($i)] -split ":",2)[1].TRIM() ;
    'Store' = ($details[($i+2)] -split ":",2)[1].TRIM() ;
    'Usages' = ($details[($i+3)] -split ":",2)[1].TRIM() ;
    'Sources' = ($details[($i+4)] -split ":",2)[1].TRIM() ;
    'Issued To' = ($details[($i+5)] -split ":",2)[1].TRIM() ;
    'Issued By' = ($details[($i+6)] -split ":",2)[1].TRIM() ;
    'Expiration Date' = FormatDateTime_String ($details[($i+7)] -split ":",2)[1].TRIM() ;
    'Installation Date' = FormatDateTime_String ($details[($i+8)] -split ":",2)[1].TRIM() ;
    'Private Key' = ($details[($i+9)] -split ":",2)[1].TRIM() ;
    'Self-Signed' = ($details[($i+10)] -split ":",2)[1].TRIM()
    })
    }
    }

    $Altiris_Certificates 

    Below is screenshot of the script output...


    Original Message