Small update 🦅

blakedrumm · web-flow · commit 84acfde6b540 · 2024-05-05T14:29:46.000-04:00
diff --git a/Powershell/Test-SCOMCertificate.ps1 b/Powershell/Test-SCOMCertificate.ps1
@@ -294,6 +294,7 @@ $($ChainCertsOutput)
 				# Not part of a domain
 				continue;
 			}
+			
 			$subjectProblem = $false
 			$fqdnRegexPattern = "CN=" + ($fqdn.Replace(".", "\.")).Replace(" ", "|CN=")
 			try { $CheckForDuplicateSubjectCNs = ((($cert).Subject).Split(",") | %{ $_.Trim() } | Where { $_ -match "CN=" }).Trim("CN=") | % { $_.Split(".") | Select-Object -First 1 } | Group-Object | Where-Object { $_.Count -gt 1 } | Select -ExpandProperty Name }
@@ -597,11 +598,8 @@ Enhanced Key Usage Extension is Good
 					else { $text42 = "Serial Number is written to the registry"; $out += "`n" + $text42; Write-Host $text42 -BackgroundColor Green -ForegroundColor Black }
 				}
 			}
-<#
-    Check that the cert's issuing CA is trusted (This is not technically required
-                as it is the remote machine cert's CA that must be trusted.  Most users leverage
-    the same CA for all machines, though, so it's worth checking
-                #>			$chain = new-object Security.Cryptography.X509Certificates.X509Chain
+			#Check that the cert's issuing CA is trusted (This is not technically required as it is the remote machine cert's CA that must be trusted. Most users leverage the same CA for all machines, though, so it's worth checking
+			$chain = new-object Security.Cryptography.X509Certificates.X509Chain
 			$chain.ChainPolicy.RevocationMode = 0
 			if ($chain.Build($cert) -eq $false)
 			{
@@ -756,7 +754,7 @@ Certificate Checker
 		continue
 	}
 	#endregion Function
- 
+	
 	#region DefaultActions
 	if ($Servers -or $OutputFile -or $All -or $SerialNumber)
 	{

Original file line number	Diff line number	Diff line change
`@@ -294,6 +294,7 @@ $($ChainCertsOutput)`
`294`	`294`	`# Not part of a domain`
`295`	`295`	`continue;`
`296`	`296`	`}`
	`297`	`+`
`297`	`298`	`$subjectProblem = $false`
`298`	`299`	`$fqdnRegexPattern = "CN=" + ($fqdn.Replace(".", "\.")).Replace(" ", "\|CN=")`
`299`	`300`	`try { $CheckForDuplicateSubjectCNs = ((($cert).Subject).Split(",") \| %{ $_.Trim() } \| Where { $_ -match "CN=" }).Trim("CN=") \| % { $_.Split(".") \| Select-Object -First 1 } \| Group-Object \| Where-Object { $_.Count -gt 1 } \| Select -ExpandProperty Name }`
`@@ -597,11 +598,8 @@ Enhanced Key Usage Extension is Good`
`597`	`598`	else { $text42 = "Serial Number is written to the registry"; $out += "`n" + $text42; Write-Host $text42 -BackgroundColor Green -ForegroundColor Black }
`598`	`599`	`}`
`599`	`600`	`}`
`600`		`-<#`
`601`		`- Check that the cert's issuing CA is trusted (This is not technically required`
`602`		`- as it is the remote machine cert's CA that must be trusted. Most users leverage`
`603`		`- the same CA for all machines, though, so it's worth checking`
`604`		`- #> $chain = new-object Security.Cryptography.X509Certificates.X509Chain`
	`601`	`+ #Check that the cert's issuing CA is trusted (This is not technically required as it is the remote machine cert's CA that must be trusted. Most users leverage the same CA for all machines, though, so it's worth checking`
	`602`	`+ $chain = new-object Security.Cryptography.X509Certificates.X509Chain`
`605`	`603`	`$chain.ChainPolicy.RevocationMode = 0`
`606`	`604`	`if ($chain.Build($cert) -eq $false)`
`607`	`605`	`{`
`@@ -756,7 +754,7 @@ Certificate Checker`
`756`	`754`	`continue`
`757`	`755`	`}`
`758`	`756`	`#endregion Function`
`759`		`-`
	`757`	`+`
`760`	`758`	`#region DefaultActions`
`761`	`759`	`if ($Servers -or $OutputFile -or $All -or $SerialNumber)`
`762`	`760`	`{`