Home » PowerShell » Get Certificate Thumbprint in PowerShell

Get Certificate Thumbprint in PowerShell

by

A certificate thumbprint is a unique identifier of the certificate or hash, identifying a specific digital certificate. Using the Get-ChildItem cmdlet with the certificate store location path, it retrieves all of the certificates and gets the certificate thumbprint, expiry date, etc…

The Thumbprint property of the certificate is used to get the certificate hash in PowerShell.

In this article, we will discuss how to get the thumbprint of the certificate stored in the LocalMachine store using the Get-ChildItem cmdlet in PowerShell.

Table of Contents hide
1 Retrieve Certificate Thumbprint in PowerShell
2 Get a Thumbprint of a Certificate using the PowerShell
3 Conclusion

Retrieve Certificate Thumbprint in PowerShell

Use the Get-ChildItem cmdlet in PowerShell that uses the Path parameter to specify the certificate store location and retrieve all certificates along with the Thumbprint, FriendlyName, and Expiration date of the certificates.

Run the following command to obtain the certificate thumbprint using the PowerShell script.

Get-ChildItem -Path 'cert:\LocalMachine\My' | Select Thumbprint,FriendlyName,NotAfter

In the above PowerShell script, the Get-ChildItem cmdlet fetches all the certificates stored in the LocalMachine\My certificate store location. It passes the output to the Select command to get the certificate thumbprint, and certificate expiration date.

The output of the above script to retrieve the thumbprint of the certificate is:

PowerShell Get Certificate Thumbprint
PowerShell Get Certificate Thumbprint

Cool Tip: How to find a certificate by a thumbprint in PowerShell!

Get a Thumbprint of a Certificate using the PowerShell

The Get-ChildItem cmdlet in PowerShell retrieves all the certificated stored in the LocalMachine\My certificate store location path. To filter the results or get the thumbprint of a specific certificate, use the Where-Object cmdlet.

Get-ChildItem -Path 'cert:\LocalMachine\My' | Where-Object { $_.Subject -eq 'CN=localhost' }

In the above PowerShell script, the Get-ChildItem cmdlet uses the Path parameter to specify the LocalMachine\My certificate store location path.

It retrieves all the certificates and passes them to the Where-Object cmdlet. The Where-Object cmdlet check is Subject property of a certificate is equal to the subject of a certificate using -eq operator.

The output of the above PowerShell script to filter the certificates to retrieve the thumbprint of certificates based on the Subject property is:

PS C:\> Get-ChildItem -Path 'cert:\LocalMachine\My' | Where-Object { $_.Subject -eq 'CN=localhost' }                                                                                         

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
984E459FF99D87FD97AFC46DCDCBCB90E0B7FCD5  CN=localhost

Cool Tip: How to get certificate serial number in PowerShell!

Conclusion

I hope the above article on how to get the certificate thumbprint using the Get-ChildItem cmdlet in PowerShell with the Thumbprint property is helpful to you.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.