I am trying to access thumbprints of installed certificate on IIS 10 stores. I am using following command
Get-ChildItem -path Cert:\LocalMachine\Personal
but the above command giving me following error
PS C:\Users\Administrator> Get-ChildItem -path Cert:\LocalMachine\Personal
Get-ChildItem : Cannot find path '\LocalMachine\Personal' because it does not exist.
At line:1 char:1
+ Get-ChildItem -path Cert:\LocalMachine\Personal
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (\LocalMachine\Personal:String) [Get-ChildItem], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
However, the following command is returning with valid thumbprints
Get-ChildItem -path Cert:\LocalMachine\WebHosting
Interestingly, when I go to IIS>Server Certificate, I can see there are two store WebHosting and Personal.
I looked at microsoft documentation and it states, which means there are WebHosting and Personal Store
The Web Hosting store works like the Personal store, so all of the existing tools to import and export certificates work the same way. The key difference between Web Hosting store and Personal store is that Web Hosting store is designed to scale to higher numbers of certificates.
Can anyone suggest me why Get-ChildItem -path Cert:\LocalMachine\Personal
is throwing an error?
Personal
is the logical store name in the MMC. In the PowerShell PSDrive, store name is My
.
Get-ChildItem -path Cert:\LocalMachine\My
I cannot speak for why this is different. However, you can run the following on a Windows systems to potentially spot other naming discrepancies:
certutil -enumstore
You can take the above command a step further and create your own mapping of naming mismatches:
(certutil -enumstore) -match '"[^"]+"' | Foreach-Object {
$PSStore,$MMCStore = ($_ -split '("[^"]+")').Trim(' ','"')[0,1]
[pscustomobject]@{ 'PSStore' = $PSStore; 'MMCStore' = $MMCStore }
}