Zachary Loeber

I eat complexity and am never without a meal.

PowerShell: Check For Misplaced Certificates

Here is a script I absentmindedly put together one evening while power watching a TV series on Netflix with the wife. The general idea of this script is to check local machine, trusted root, and intermediate trusted root stores for misplaced or duplicate certificates.

It is easy to get lax when deploying or maintaining Windows servers that require any kind of certificates to be installed. You may end up with trusted root certificates (aka self-signed issuing certs) in your intermediate trust store or vice versa. You may also have duplicated public certs across stores for whatever reason. Prior to Server 2012 and some of the more modern applications, this really wasn’t an issue. As of late, I’ve experienced some Lync 2013 oddities that make me think that it is about time to be more diligent with certificate placement, and this script will help towards this end.

Anyway, the script makes educated guesses on incorrect cert placements and provides advice on what actions to take.
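The kind of check described above, as an added example that is not the author's script: it reads the three local machine stores and reports certificates that look misplaced or duplicated, changing nothing. Treating a certificate as self-signed when its Subject equals its Issuer is an assumed heuristic, and the advice strings are illustrative.

```powershell
# Added example (not the author's script). Read-only: reports, changes nothing.
# My = personal, Root = trusted root, CA = intermediate certification authorities.
$stores = 'My', 'Root', 'CA'

$certs = foreach ($store in $stores) {
    Get-ChildItem -Path "Cert:\LocalMachine\$store" | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            # Heuristic (assumption): Subject equal to Issuer means self-signed.
            # The signature itself is not verified here.
            SelfSigned = ($_.Subject -eq $_.Issuer)
        }
    }
}

$findings = @(
    # The trusted root store should hold only self-signed certificates.
    $certs | Where-Object { $_.Store -eq 'Root' -and -not $_.SelfSigned } | ForEach-Object {
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint; Subject = $_.Subject; Stores = $_.Store
            Advice     = 'Issued by another CA: review for a move to the intermediate (CA) store'
        }
    }
    # The intermediate store should hold only certificates issued by another CA.
    $certs | Where-Object { $_.Store -eq 'CA' -and $_.SelfSigned } | ForEach-Object {
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint; Subject = $_.Subject; Stores = $_.Store
            Advice     = 'Self-signed: review for a move to the trusted root store'
        }
    }
    # The same thumbprint in more than one store is a duplicate.
    $certs | Group-Object -Property Thumbprint | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            Thumbprint = $_.Name; Subject = $_.Group[0].Subject
            Stores     = ($_.Group.Store -join ', ')
            Advice     = 'Present in several stores: keep it only where it belongs'
        }
    }
)

$findings | Sort-Object Stores, Subject | Format-Table -AutoSize -Wrap
```

A self-signed certificate in the personal (My) store is not flagged on its own, since that placement can be intentional; it only shows up if the same thumbprint also exists in another store.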