How to search for Server Exchange or Server Authentication type certificates installed on host computer using PowerShell?

Question

I'm trying to choose a certificate from the computer certificate store LocalMachine\My that serves for Server Exchange or Authentication (I'm unsure regarding the exact nomenclature) purposes. I know there are filters to return only certificates of a certain type, as such:

    PS> Get-ChildItem Cert:\LocalMachine\My -codesigning

and what I want is to do something like:

    PS> Get-ChildItem Cert:\LocalMachine\My -exchange

Which fails in PowerShell.

If such a filter keyword doesn't exists, can some venture a way to do it, or at least how to go about it?

Answer 1

To get a list of certs with server authentication you can filter by the enhanced key usage properties:

dir cert:\localmachine\my | ? {
    $_.Extensions | % { 
        $_.EnhancedKeyUsages | ? {
            $_.FriendlyName -eq "Server Authentication"}}}

Answer 2

You can read each certificate properties in this way:

Get-ChildItem Cert:\LocalMachine\My | fl *

then you can filter by property, in this case filtering by name of issuer:

Get-ChildItem Cert:\LocalMachine\My | where-object { $_.issuer -match "servername" }