I am trying to script a report on certificate usage for a specific app, and those certs are all part of the output of "certutil -store -my" (Web Server 2008 R2).
However the "issued-to" field is not part of the output (for these certs, all contain server names in FQDN format).
Does anyone know how to get the FQDN server name aka Issued To, from certutil?
Here is sample output of "certutil -store -my" ("xx" and "nn" substituted in some places). It contains what I want...serno, from-to dates, subject cn: ...but where can I find the servername.domain.com "Issued To"?
================ Certificate 2 ================
Serial Number: nnnn5a6c00000000nnnn
Issuer: CN=xxxxxxxxxx, OU=Certificate Services, OU=xxxxxxxxxxxx, O=xxxxxxxxx, S=California, C=US NotBefore: 7/20/2014 8:30 PM NotAfter: 3/9/2024 1:37 AM
Subject: CN=server-name.domain.com, OU=IT, O=xxxx, L=xxxx, S=Colorado, C=US
Non-root Certificate
Template:
Cert Hash(sha1): nn nn nn nn nn nn nn nn nn nn nn nn nn nn nn nn nn nn nn nn Key Container = xx-nnnxxxx-xxx-nnnnnn Unique container name: xx-nnnxxxx-xxx-nnnnnn_xx-nnnxxxx-xxx-nnnnnn Provider = Microsoft Strong Cryptographic Provider
Encryption test passedThanks for any info.
1 Answer
Found my own answer...that very same output I'm already looking at has it. (I must have been partly blind, partly misled by the first couple of certs in my output which were for very different types of certs.)
The CN in the Subject: line contains it.
