Tuesday, September 15, 2015

Certificates : Finding a certificate by the thumbprint (or other attributes)

I was having issues with a WIF web.config. The web.config had a thumbprint and I couldn't find the actual certificate in the ADFS server's certificate store.

Duh - the ADFS encryption and signing certificates are not stored there if you use certificate rollover. They are apparently stored in the ADFS DB or in AD in a certificate container or .. There are a number of inconclusive posts on this matter.

But it did lead to me learning something about how to find a certificate from its thumbprint.

You use the Certificates snap-in from mmc.

Right-click on the top-level node and then "Find Certificates".

Then you can enter a thumbprint (or part of one) and search on "SHA1 Hash". There are other attributes you can search on as well.

You'll then get a list of the matching certificates and, if you scroll over to the right, the stores they are contained in.

Or you can use PowerShell from the root of the cert: drive (cd cert:\ first):
 dir -recurse | where {$_.Thumbprint -eq "5D278138246AE7E7C71F580F07E1BCEC6AA4D27E"} | Format-List -property *

where the thumbprint is the one you are looking for.

Or you can use Raf's amazing utility "Deploy Manager":

DeployManager June 2011 edition

Just remember to run it in Admin mode.

It bears repeating that you can also extract the certificates from the ADFS metadata.

ADFS : Getting certificate data from metadata
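A worked version of the two approaches above (searching the cert: drive from PowerShell, and reading the certificates out of the federation metadata), added here as an example and not code from the original post. The function names, parameters and the saved metadata file path are my own assumptions, not an ADFS or PowerShell API.

```powershell
function Find-CertByThumbprint {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string[]]$Location = @('LocalMachine', 'CurrentUser')
    )
    # Keep hex digits only: pasted thumbprints often carry spaces, colons or
    # the invisible left-to-right mark (U+200E) that MMC copies along with them.
    $needle = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($needle.Length -eq 0) { throw 'Thumbprint contains no hex digits.' }
    foreach ($loc in $Location) {
        Get-ChildItem -Path "Cert:\$loc" -Recurse |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                           $_.Thumbprint -like "*$needle*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $_.PSParentPath -replace '^.*::', ''
                    Thumbprint    = $_.Thumbprint
                    Subject       = $_.Subject
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

function Get-MetadataCertThumbprint {
    param([Parameter(Mandatory)][string]$Path)   # a saved FederationMetadata.xml (assumed path)
    $xml = [xml](Get-Content -Path $Path -Raw)
    # Each <ds:X509Certificate> holds the base64 DER of a signing/encryption cert
    $xml.GetElementsByTagName('X509Certificate', 'http://www.w3.org/2000/09/xmldsig#') |
        ForEach-Object {
            $bytes = [Convert]::FromBase64String($_.InnerText.Trim())
            $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
            $owner = $_.ParentNode.ParentNode.ParentNode   # KeyDescriptor (or the metadata Signature)
            [pscustomobject]@{
                Use        = if ($owner.LocalName -eq 'KeyDescriptor') { $owner.GetAttribute('use') } else { $owner.LocalName }
                Thumbprint = $cert.Thumbprint
                Subject    = $cert.Subject
                NotAfter   = $cert.NotAfter
            }
        }
}

# Usage: is the thumbprint pasted from web.config in any local store?
# Find-CertByThumbprint -Thumbprint '5D27 8138 246A E7E7 C71F 580F 07E1 BCEC 6AA4 D27E'
# Which metadata certificates are missing from the local stores?
# Get-MetadataCertThumbprint -Path .\FederationMetadata.xml |
#     Where-Object { -not (Find-CertByThumbprint -Thumbprint $_.Thumbprint) } |
#     Select-Object Use, Thumbprint, Subject
```

Run it elevated to see the LocalMachine stores; a metadata certificate that matches nothing locally is the rollover case described at the top of the post.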

Enjoy!
