Get ADFS relying parties signing certificates

Today I want to show you how to check relying party signing certificates. If you are working in a large-scale ADFS environment with a large number of relying parties, it is difficult to check many things manually. This is why you end up using the ADFS cmdlets documented on Microsoft's pages – link.

In this article you will find out how to check signing certificates with a PowerShell function. To get relying party details you can use the Get-ADFSRelyingPartyTrust cmdlet and specify the identifier of the RP. One of its properties is RequestSigningCertificate, which holds all the certificate information we need. In this example the function returns details such as:

– SerialNumber
– Subject
– Issuer
– Thumbprint
– NotBefore
– NotAfter

Usage examples:

Get-ADFSRPCertificate -RPs https:\\
Get-ADFSRPCertificate -RPs https:\\, https:\\
Get-ADFSRPCertificate -RPs (Get-Content "C:\Users\$env:username\desktop\RPList.txt")

Final script:

Function Get-ADFSRPCertificate {
    # Parameters used in this function
    Param(
        [Parameter(Position=0, Mandatory=$True, HelpMessage="Provide relying party identifiers")]
        [string[]]$RPs,

        [Parameter(Position=1, Mandatory=$False, HelpMessage="Provide ADFS server name")]
        [string]$ADFSServer = "ADFS01"
    )
    $ErrorActionPreference = "Stop"
    $Results = @()

    ForEach ($RP in $RPs) {
        $RP = $RP.Trim()
        Write-Host "Processing $RP" -ForegroundColor Yellow
        Try {
            # Query the trust on the ADFS server; $using: carries the local $RP value into the remote script block
            $RPDetails = Invoke-Command -ErrorAction Stop -ComputerName $ADFSServer -ScriptBlock {
                Get-ADFSRelyingPartyTrust -Identifier $using:RP | Select-Object Name,Identifier,Enabled,RequestSigningCertificate
            }
            # RequestSigningCertificate is a collection: an RP with several signing certificates yields
            # array-valued properties, and an RP with no signing certificate yields empty ones
            $Object = New-Object PSObject -Property @{
                RelyingParty = $RP
                SerialNumber = $RPDetails.RequestSigningCertificate.SerialNumber
                Subject      = $RPDetails.RequestSigningCertificate.Subject
                Issuer       = $RPDetails.RequestSigningCertificate.Issuer
                Thumbprint   = $RPDetails.RequestSigningCertificate.Thumbprint
                NotBefore    = $RPDetails.RequestSigningCertificate.NotBefore
                NotAfter     = $RPDetails.RequestSigningCertificate.NotAfter
            }
            $Results += $Object
        }
        Catch {
            # Report the failure for this RP and continue with the next one
            Write-Host "Failed to process $($RP): $($_.Exception.Message)" -ForegroundColor Red
        }
    }

    Write-Host "`nFinal results:" -ForegroundColor Green
    # Display results in console
    $Results | Format-Table -AutoSize RelyingParty,Thumbprint,SerialNumber,NotAfter,NotBefore,Subject,Issuer
    # Open results in pop-up window
    $Results | Select-Object RelyingParty,NotAfter,NotBefore,Thumbprint,SerialNumber,Subject,Issuer | Sort-Object NotAfter | Out-GridView -Title "Certificates"
    # Export CSV
    $Results | Export-Csv -Path C:\users\$env:username\desktop\results.csv -NoTypeInformation
}
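Once the inventory exists, the question that matters operationally is which request-signing certificates are expired, not yet valid, or about to expire, since those are the ones that will start failing signature verification for that relying party or that were left on the trust after a rotation. The companion function below is an added example and not part of the original post: it consumes objects carrying the same property names Get-ADFSRPCertificate emits (RelyingParty, Thumbprint, NotBefore, NotAfter), and the 30-day warning threshold, the fixed reference date and the sample rows are assumptions constructed for the demo so it runs without an ADFS server.

```powershell
# Added example (not part of the original post): classify relying party signing
# certificates by validity window. Works on Get-ADFSRPCertificate output or on
# any object with RelyingParty, Thumbprint, NotBefore and NotAfter properties.
Function Test-ADFSRPCertificateExpiry {
    Param(
        [Parameter(Mandatory=$True, ValueFromPipeline=$True)]
        [PSObject[]]$Certificates,
        # Warn when a certificate expires within this many days (assumed threshold)
        [int]$WarnDays = 30,
        # Reference time; a parameter so a report is reproducible and testable
        [datetime]$Now = (Get-Date)
    )
    Process {
        ForEach ($Cert in $Certificates) {
            # Values arrive as strings (CSV) or DateTime (live objects); normalise both
            $NotBefore = [datetime]$Cert.NotBefore
            $NotAfter  = [datetime]$Cert.NotAfter
            $DaysLeft  = [math]::Floor(($NotAfter - $Now).TotalDays)

            if ($Now -lt $NotBefore)         { $Status = "NotYetValid" }
            elseif ($DaysLeft -lt 0)         { $Status = "Expired" }
            elseif ($DaysLeft -le $WarnDays) { $Status = "ExpiringSoon" }
            else                             { $Status = "OK" }

            [PSCustomObject]@{
                RelyingParty = $Cert.RelyingParty
                Thumbprint   = $Cert.Thumbprint
                NotBefore    = $NotBefore
                NotAfter     = $NotAfter
                DaysLeft     = $DaysLeft
                Status       = $Status
            }
        }
    }
}

# Constructed sample rows standing in for Get-ADFSRPCertificate results
# (thumbprints and identifiers are placeholders, not real values)
$Sample = @(
    [PSCustomObject]@{ RelyingParty="https://app1.example.local"; Thumbprint="0000000000000000000000000000000000000001"; NotBefore="2024-01-01"; NotAfter="2026-12-31" }
    [PSCustomObject]@{ RelyingParty="https://app2.example.local"; Thumbprint="0000000000000000000000000000000000000002"; NotBefore="2024-01-01"; NotAfter="2025-06-15" }
    [PSCustomObject]@{ RelyingParty="https://app3.example.local"; Thumbprint="0000000000000000000000000000000000000003"; NotBefore="2023-01-01"; NotAfter="2025-01-01" }
    [PSCustomObject]@{ RelyingParty="https://app4.example.local"; Thumbprint="0000000000000000000000000000000000000004"; NotBefore="2025-09-01"; NotAfter="2027-09-01" }
)

# Fixed reference date so the demo output is deterministic:
# app2 is ExpiringSoon, app3 is Expired, app4 is NotYetValid, app1 is OK
$Sample |
    Test-ADFSRPCertificateExpiry -WarnDays 30 -Now ([datetime]"2025-06-01") |
    Where-Object Status -ne "OK" |
    Sort-Object DaysLeft |
    Format-Table -AutoSize RelyingParty,Status,DaysLeft,NotAfter,Thumbprint
```

In production you would feed the function the CSV written by Get-ADFSRPCertificate (Import-Csv, then pipe in) and drop the -Now argument so it evaluates against the current date; a relying party whose result shows empty NotAfter has no request-signing certificate configured at all, which is worth reviewing separately because the function above cannot classify it.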

