Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/l4rm4nd/windows-root-ca-store-checker
PowerShell Script to Validate Windows Root CA Trust Store
https://github.com/l4rm4nd/windows-root-ca-store-checker
ca certificate certificate-authority certificates microsoft pki powershell root-store trust trusted-certificates trusted-root
Last synced: 26 days ago
JSON representation
PowerShell Script to Validate Windows Root CA Trust Store
- Host: GitHub
- URL: https://github.com/l4rm4nd/windows-root-ca-store-checker
- Owner: l4rm4nd
- Created: 2024-08-27T10:12:02.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2024-09-02T09:04:52.000Z (2 months ago)
- Last Synced: 2024-10-13T00:01:38.818Z (26 days ago)
- Topics: ca, certificate, certificate-authority, certificates, microsoft, pki, powershell, root-store, trust, trusted-certificates, trusted-root
- Language: PowerShell
- Homepage:
- Size: 20.5 KB
- Stars: 2
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Windows-Root-CA-Store-Checker
PowerShell Script to Validate Windows Root CA Trust Store
## Description
1. Loads the trusted CA stores as CSV into memory from [Mozilla](https://wiki.mozilla.org/CA/Included_Certificates) and [Microsoft](https://learn.microsoft.com/en-us/security/trusted-root/participants-list).
2. Extracts the local root CA store from computer and calculates SHA256 fingerprints
3. Compares the local CA SHA256 fingerprints against Mozilla's and Microsoft's SHA256 fingerprints from CSV files
4. Displays the Certificate Authorities (CAs) that do not match. Also dumps them into an CSV outfile.
## How to use
Open a low-priv PowerShell (PS) and execute the script:
````
# locally
.\RootCACheck.ps1
# or via IEX into memory
IEX(New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/l4rm4nd/Windows-Root-CA-Store-Checker/main/RootCACheck.ps1")
````
