Checking Certificate Chains
The following PowerShell script may be used to output the certificate chain obtained by a particular machine. This can be useful for debugging SSL issues or investigating the impact of an SSL firewall configuration.
Usage
On the PowerShell command line, call the script with the -TargetHost parameter. For example:
.\Get-SslCertificateChain.ps1 -TargetHost "agent.oauth.rpp.cybercrucible.com"On yields the following output:
SSL Connection established to agent.oauth.rpp.cybercrucible.com:443
Certificate Chain:
Leaf Certificate (Subject): CN=agent.oauth.rpp.cybercrucible.com
True
- Subject: CN=agent.oauth.rpp.cybercrucible.com
Issuer: CN=E7, O=Let's Encrypt, C=US
Thumbprint: 2E401711BBC229F34B8A13D0233264CFBB155C82
Valid From: 10/05/2025 06:06:01
Valid To: 01/03/2026 05:06:00
- Subject: CN=E7, O=Let's Encrypt, C=US
Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Thumbprint: 3B73C17E3DF87CF3AA77F1389219EB5EDD519E7F
Valid From: 03/12/2024 20:00:00
Valid To: 03/12/2027 18:59:59
- Subject: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Thumbprint: CABD2A79A1076A31F21D253635CB039D4329A5E8
Valid From: 06/04/2015 07:04:38
Valid To: 06/04/2035 07:04:38