diff --git a/result-example.md b/result-example.md
index 228ca54..75dde6d 100644
--- a/result-example.md
+++ b/result-example.md
@@ -2,16 +2,16 @@ Duplicated Serial Numbers (per CA)
-sIssuer SerialNumber FriendlyName DnsNameList sSubject revokedOn
-------- ------------ ------------ ----------- -------- ---------
-internal-ca 2F hsanchez {hsanchez} hsanchez
-internal-ca 2F city1 {city1} city1 {revocados}
-internal-ca 30 audit03 {audit03} audit03 {revocados}
-internal-ca 30 uaIntro {uaIntro} uaIntro
-internal-ca 31 city04 {city04} city04
-internal-ca 31 uaDevice(2) {uaDevice} uaDevice
-internal-ca 32 fperez {fperez} fperez
-internal-ca 32 uaExit(2) {uaExit} uaExit
+sIssuer|SerialNumber|FriendlyName|DnsNameList|sSubject|revokedOn
+-------|------------|------------|-----------|--------|---------
+internal-ca|2F|hsanchez|{hsanchez}|hsanchez|
+internal-ca|2F|city1|{city1}|city1|{revocados}
+internal-ca|30|audit03|{audit03}|audit03|{revocados}
+internal-ca|30|uaIntro|{uaIntro}|uaIntro|
+internal-ca|31|city04|{city04}|city04|
+internal-ca|31|uaDevice(2)|{uaDevice}|uaDevice|
+internal-ca|32|fperez|{fperez}|fperez|
+internal-ca|32|uaExit(2)|{uaExit}|uaExit|
 This is the last part of the result returned by the script: It shows duplicated SerialNumbers 2F, 30, 31 and 32 To avoid issues when some of this certs is revoked, you must revoked all them, and recreate new certs forevery user involved.
@@ -24,35 +24,37 @@ every item of $listaC has these attributes:
 ```powershell
 PS C:\Users\me\Documents> $listaC[56]
 ```
-EnhancedKeyUsageList : {Client Authentication (1.3.6.1.5.5.7.3.2)}
-DnsNameList : {uaDedicated01}
-SendAsTrustedIssuer : False
-Archived : False
-Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
-FriendlyName : uaDedicated01(02)
-IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
-NotAfter : 12/07/2020 14:10:54
-NotBefore : 13/07/2018 14:10:54
-HasPrivateKey : False <-- NOT IMPORTED BY THIS POWERSHELL SCRIPT
-PrivateKey :
-PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
-RawData : {18, ...}
-SerialNumber : 3F
-SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
-SignatureAlgorithm : System.Security.Cryptography.Oid
-Thumbprint : 4AD2BBE653414EE1A10E01FB3D26F62D003B52C7
-Version : 3
-Handle : 2788955271140
-Issuer : CN=internal-ca, E=mail@mycompany.com, O=MYCOMP, L=myCity, S=myCity, C=ES
-Subject : CN=uaDedicated01, E=mail@mycompany.com, O=MYCOMP, L=myCity, S=myCity, C=ES
-IsCA : False
-IsServer : False
-IsClient : True
-sIssuer : internal-ca
-sSubject : uaDedicated01
-refid : 5b85b04689ad1
-isRevoked : True
-revokedOn : {revocados, revCAcert}
+Property|Value
+--------|-----
+EnhancedKeyUsageList | {Client Authentication (1.3.6.1.5.5.7.3.2)}
+DnsNameList | {uaDedicated01}
+SendAsTrustedIssuer | False
+Archived | False
+Extensions | {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
+FriendlyName | uaDedicated01(02)
+IssuerName | System.Security.Cryptography.X509Certificates.X500DistinguishedName
+NotAfter | 12/07/2020 14:10:54
+NotBefore | 13/07/2018 14:10:54
+HasPrivateKey | False <-- NOT IMPORTED BY THIS POWERSHELL SCRIPT
+PrivateKey |
+PublicKey | System.Security.Cryptography.X509Certificates.PublicKey
+RawData | {18, ...}
+SerialNumber | 3F
+SubjectName | System.Security.Cryptography.X509Certificates.X500DistinguishedName
+SignatureAlgorithm | System.Security.Cryptography.Oid
+Thumbprint | 4AD2BBE653414EE1A10E01FB3D26F62D003B52C7
+Version | 3
+Handle | 2788955271140
+Issuer | CN=internal-ca, E=mail@mycompany.com, O=MYCOMP, L=myCity, S=myCity, C=ES
+Subject | CN=uaDedicated01, E=mail@mycompany.com, O=MYCOMP, L=myCity, S=myCity, C=ES
+IsCA | False
+IsServer | False
+IsClient | True
+sIssuer | internal-ca
+sSubject | uaDedicated01
+refid | 5b85b04689ad1
+isRevoked | True
+revokedOn | {revocados, revCAcert}
 --- You can show certs that will expire in the next 90 days