VMware Cloud Community
JohnnyScript
Contributor

Empty output while obtaining ssl certificates

Below is a script that works for two of the three locations in vSphere (in part - I still get many access denied). For the one problematic site (Location3), my CSV is empty (it goes about 6 KB but it is all blanks). The confounding item is that I can stream output to my console via the Write-Debug command (and I see servers and cert information) and the CSV file gets created in the right location. Here is my code (my goal is to list all SSL certs that are embedded for HTTPS connections).

Function Get-SSLInfo {
    Begin {}
    Process {
        $SSLStuff=new-object psobject
        if ((test-connection -computername $_ -quiet) -and $_.guest.osfullname -match "windows") {
            $DebugPreference="SilentlyContinue"
            $vm=$_.name
            Write-Debug "`$vm=$vm"
            $store=new-object system.security.cryptography.x509certificates.x509store("\\$vm\My","LocalMachine")
            $store.Open("ReadOnly")
            $SSLCert=$store.Certificates|where {$_.subject -match "domain.com"}
            Write-Debug "`$SSLCert=$SSLCert"
            $SSLStuff | Add-Member -type noteproperty -name VMName -value $_ -Force
            $SSLStuff | Add-Member -type noteproperty -name HostCluster -value $_.vmhost.parent.name -Force
            $SSLStuff | Add-Member -type noteproperty -name Mnemonic -value $_.Folder -Force
            $SSLStuff | Add-Member -type noteproperty -name SSLIssuer -value $SSLCert.Issuer -Force
            $SSLStuff | Add-Member -type noteproperty -name SSLSubject -value $SSLCert.Subject -Force
            $SSLStuff | Add-Member -type noteproperty -name SSLFN -value $SSLCert.FriendlyName -Force
            $SSLStuff | Add-Member -type noteproperty -name SSLExpiration -value $SSLCert.NotAfter -Force
            $SSLStuff | Add-Member -type noteproperty -name SSLSN -value $SSLCert.SerialNumber -Force
            $SSLStuff | Add-Member -type noteproperty -name SSLPrivateKey -value $SSLCert.HasPrivateKey -Force
            Write-Debug "$SSLStuff|fl *"
        } #end if test-connection
        write-output $SSLStuff
    } #end process section of function
    End {}
} #end get-sslinfo function

$DebugPreference="Continue"
$ErrorActionPreference="Continue"
$Location="LOC-FirstLocale"
Connect-VIServer "firstconsole"
$Location1VM=get-vm -Location $Location
$Location="LOC-SecondLocale"
Connect-VIServer "secondconsole"
$Location2VM=get-vm -Location $Location
$Location="LOC-ThirdLocale"
Connect-VIServer "thirdconsole"
$Location3VM=get-vm -Location $Location
Write-Debug "Location3MachinesFound=$Location3VM"
$MyDocuments=[Environment]::GetFolderPath("MyDocuments")
$Location1VM|Get-SSLInfo|export-csv $MyDocuments\Scripts\SSL\Location1.csv -NoTypeInformation
$Location3VM|Get-SSLInfo|export-csv $MyDocuments\Scripts\SSL\Location3.csv -NoTypeInformation
$Location2VM|Get-SSLInfo|export-csv $MyDocuments\Scripts\SSL\Location2.csv -NoTypeInformation

and the output to the console:

[Not After]
  8/9/2014 7:59:59 PM

[Thumbprint]
  E54126F01AE93513317A33C867C38DFB0C89C5DD
[Subject]
  CN=domain.com, OU=For Intranet Use Only, OU=Secure Server, O=XXX
, L=XXX, S=XXX, C=US

[Issuer]
  CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at
https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US

[Serial Number]
  It provides the correct serial number here- removed for security

[Not Before]
  5/17/2011 8:00:00 PM

[Not After]
  5/17/2013 7:59:59 PM

[Thumbprint]
  A8....(remainder removed for security)
[Subject]
  CN=domain.com, OU=For Intranet Use Only, OU=Secure Server, O=XXX, L=XXX, S=XX, C=US

[Issuer]
  CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at
https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US

[Serial Number]
  69....(rest removed for security)

[Not Before]
  5/22/2011 8:00:00 PM

[Not After]
  5/22/2013 7:59:59 PM

[Thumbprint]
  A7...rest removed for security)
[Subject]
  CN=domain.com, OU=For Intranet Use Only, OU=Secure Server,
O=XXX, L=XXX, S=XXX, C=US

[Issuer]
  CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at
https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US

etc., etc., with a bunch of SSL certs listed on the console, and then lines like

DEBUG: @{VMName=server1; HostCluster=Cluster1; Mnemonic=xxx; SSLIssuer=;
SSLSubject=; SSLFN=; SSLExpiration=; SSLSN=; SSLPrivateKey=}|fl *
DEBUG: $vm=server25
DEBUG: $SSLCert=
DEBUG: @{VMName=server25; HostCluster=cluster6; Mnemonic=xxx; SSLIssuer=;
SSLSubject=; SSLFN=; SSLExpiration=; SSLSN=; SSLPrivateKey=}|fl *
DEBUG: $vm=server30
DEBUG: $SSLCert=
DEBUG: @{VMName=server30; HostCluster=Cluster12; Mnemonic=xxx; SSLIssuer=;
SSLSubject=; SSLFN=; SSLExpiration=; SSLSN=; SSLPrivateKey=}|fl *

0 Kudos
1 Reply
JohnnyScript
Contributor

Never mind.  It was working last night.  I did not change anything....odd.

0 Kudos
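
An added example, not part of the original thread: the posted function writes `$SSLStuff` outside the `if`, so a VM that is skipped (unreachable or not Windows) yields an object with no properties, and Export-Csv builds its columns from the first object it receives. That is one cause that fits an all-blank CSV appearing and disappearing without a script change. The sketch below reproduces the pattern with constructed objects and shows a variant that emits one fully populated row per certificate; `ConvertTo-CertRow`, the `Reachable`/`OS`/`Certificates` properties and the sample data are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. The sample objects are constructed stand-ins for Get-VM results
# with the certificates already read from each VM's LocalMachine\My store.
function ConvertTo-CertRow {   # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)] $VM)
    process {
        # Skipped VMs emit nothing, so an empty object can never be the
        # first item that Export-Csv uses to build the column header.
        if (-not $VM.Reachable -or $VM.OS -notmatch 'windows') { return }

        # A store may hold several matching certificates: emit one row each.
        $certs = @($VM.Certificates | Where-Object { $_.Subject -match 'domain\.com' })
        if ($certs.Count -eq 0) { $certs = @($null) }   # keep the VM, blank cert columns

        foreach ($c in $certs) {
            [pscustomobject]@{
                VMName        = $VM.Name
                SSLSubject    = if ($c) { $c.Subject } else { '' }
                SSLExpiration = if ($c) { $c.NotAfter } else { '' }
                SSLThumbprint = if ($c) { $c.Thumbprint } else { '' }
            }
        }
    }
}

$sample = @(
    [pscustomobject]@{ Name = 'server1'; Reachable = $false; OS = 'Microsoft Windows Server 2008'; Certificates = @() }
    [pscustomobject]@{ Name = 'server25'; Reachable = $true; OS = 'Microsoft Windows Server 2008'; Certificates = @(
        [pscustomobject]@{ Subject = 'CN=domain.com, O=XXX'; NotAfter = [datetime]'2013-05-17'; Thumbprint = 'CONSTRUCTED-01' }
        [pscustomobject]@{ Subject = 'CN=domain.com, O=XXX'; NotAfter = [datetime]'2014-08-09'; Thumbprint = 'CONSTRUCTED-02' }
    ) }
    [pscustomobject]@{ Name = 'server30'; Reachable = $true; OS = 'Microsoft Windows Server 2008'; Certificates = @() }
)

# Original pattern: the unreachable first VM yields a property-less object,
# and the CSV header is derived from that first object.
$blank = $sample | ForEach-Object {
    $row = New-Object psobject
    if ($_.Reachable) { $row | Add-Member -MemberType NoteProperty -Name VMName -Value $_.Name }
    $row
} | ConvertTo-Csv -NoTypeInformation

# Corrected pattern: every emitted object carries the full column set.
$good = $sample | ConvertTo-CertRow | ConvertTo-Csv -NoTypeInformation

"original pattern:";  $blank
"corrected pattern:"; $good
```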