Crypt32 / PSPKI

PowerShell PKI Module

Repository from GitHub: https://github.com/Crypt32/PSPKI

Get CA chain

jimbju opened this issue

Hi,

Is there a way to get the root CA certificate for an issuing CA using PSPKI?

I'm using the following code to get the issuing CA certificate:

$ca = Get-CertificationAuthority | Where-Object {$_.'DisplayName' -eq 'My CA'}
$issuing_ca_cert = "-----BEGIN CERTIFICATE-----`n$([System.Convert]::ToBase64String($ca.Certificate.RawData) -replace '.{64}', "`$&`n")`n-----END CERTIFICATE-----"

But I can't figure out how to get the root CA certificate.

Thanks for an excellent module!

Best regards,
Jim

You can get it like this:

$ca = Get-CertificationAuthority | Where-Object {$_.'DisplayName' -eq 'My CA'}
$propReader = new-object SysadminsLV.PKI.Dcom.Implementations.CertPropReaderD $ca.ConfigString,$false
$certs = new-object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($propReader.GetLatestCaCertificateChain())

The $certs variable will contain the entire chain for your CA. The first element in this variable should be the root CA cert.
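Since the answer says only that the first element "should be" the root, this added example (not from the issue thread or the PSPKI project) picks the root by its self-issued name rather than by position, optionally checks it against a thumbprint obtained out of band, and PEM-encodes it. `Get-RootFromChain`, `ConvertTo-Pem`, `New-SampleCaRequest` and `-ExpectedThumbprint` are hypothetical names; the sample chain is constructed and assumes PowerShell 7 or .NET Framework 4.7.2+ for `CertificateRequest`.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Get-RootFromChain {
    param([Parameter(Mandatory)][X509Certificate2Collection]$Chain,
          [string]$ExpectedThumbprint)   # hypothetical parameter: pin obtained out of band
    # Self-issued means subject and issuer DNs are byte-identical; the signature is not checked here.
    $roots = @($Chain | Where-Object {
        [Convert]::ToBase64String($_.SubjectName.RawData) -eq
        [Convert]::ToBase64String($_.IssuerName.RawData) })
    if ($roots.Count -ne 1) { throw "Expected one self-issued certificate, found $($roots.Count)" }
    # Anyone can mint a self-issued certificate, so trust comes from the pin, not from the chain.
    $pin = $ExpectedThumbprint -replace '[^0-9A-Fa-f]'
    if ($pin -and $roots[0].Thumbprint -ne $pin) { throw "Root thumbprint does not match the pin" }
    $roots[0]
}

function ConvertTo-Pem {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    $b64 = [Convert]::ToBase64String($Certificate.RawData)
    # Split explicitly so a length that is a multiple of 64 leaves no blank line before END.
    $lines = for ($i = 0; $i -lt $b64.Length; $i += 64) {
        $b64.Substring($i, [Math]::Min(64, $b64.Length - $i)) }
    (@('-----BEGIN CERTIFICATE-----') + $lines + '-----END CERTIFICATE-----') -join "`n"
}

# Constructed sample input (not from the page): throwaway root and issuing CA, listed leaf-first.
function New-SampleCaRequest([string]$Subject, [RSA]$Key) {
    $req = [CertificateRequest]::new($Subject, $Key, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
    $req
}
$now  = [DateTimeOffset]::UtcNow
$root = (New-SampleCaRequest 'CN=Constructed Root CA' ([RSA]::Create(2048))).CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))
$sub  = (New-SampleCaRequest 'CN=Constructed Issuing CA' ([RSA]::Create(2048))).Create($root, $now, $now.AddDays(29), [byte[]](1..8))
$chain = [X509Certificate2Collection]::new()
[void]$chain.Add($sub); [void]$chain.Add($root)

$rootCert = Get-RootFromChain -Chain $chain -ExpectedThumbprint $root.Thumbprint
ConvertTo-Pem $rootCert
```

With the `$certs` collection from the answer above, the call is `Get-RootFromChain -Chain $certs`; the `Thumbprint` property compared against the pin is the certificate's SHA-1 hash.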

You are a true hero @Crypt32, thank you and have a nice weekend!