Howdy folks! I’ve posted another PowerShell script which may come in handy for IT admins no matter what services you administer. You can read more about it below, and you can download it from this TechNet Script Center link.
Public Key Infrastructure (PKI) relies on the certificates which are being utilized to be issued from “trusted” authorities. Put very basically (basically enough to make PKI experts worldwide collectively wince) the certificate being used can be checked against the list to make sure there is a matching trusted issuer certificate in the trusted root list and that the issuer’s certificate passed some checks. If the issuing certificate is missing and cannot be retrieved from the Microsoft PCA (which is not uncommon in secure corporate networks) then whatever services the certificate is being used for will likely fail.
There is a known condition which can happen where there can be too many certificates in the trusted root stores. This leads to some of them not being retrieved and may cause the trusted root check to fail and hence the services which rely on that to fail. This can be perceived as an intermittent and tough to track down problem.
This script will look at a local computer’s certificate trust list and count what is present. The problem is typically seen when there are greater than one hundred certificates in the store, so the script will show “problem detected = $true” in that case. The sizing of when the problem may occur is not precise since the data in certificates can may the size in memory a little different.
The script counts the number of certificates in the trusted root store on the computer and it also exports the list to a CSV file so you can review what is in it.
Detection Time : 5/13/2013 8:20:28 AM
Problem Detected : False
Computer Name : TSPRING1034
Computer Role : Member Workstation
Computer Domain : northamerica.contoso.com
Number of Trusted Certificate Authorities : 38
Number of Third Party Trusted Certificate Authorities : 23