dbatools icon indicating copy to clipboard operation
dbatools copied to clipboard
verified publisher icon dataplat

Get-DbaInstanceNetworkCertificate

Open ksl28 opened this issue 2 years ago • 13 comments

Summarize Command's Functionality

It would be useful to have a cmdlet, that could show the certificate presented by a SQL server (DB Engine, SSIS, etc). Dbatools already have a few cmdlets that will show you this, but it requires access to the Windows host itself - which we sometimes do not have access to.

There exists other awesome functions out there that already have this feature - fx Get-SqlServerTlsCertificate (https://gist.github.com/jborean93/44f92e4dfa613c5a1e7889fa7a7c2563). But it would be beneficial to have the cmdlet natively baked into Dbatools, instead of having to pull multiple ressources.

For me properties like these would be awesome: Subject Name Expiration Date Thumbprint

Is there a command that is similiar or close to what you are looking for?

No

Technical Details

No response

ksl28 avatar Oct 05 '23 06:10 ksl28

We already have that command: Get-DbaNetworkCertificate

Or am I missing something?

andreasjordan avatar Oct 05 '23 07:10 andreasjordan

It seems that Get-DbaNetworkCertificate will try to connect using WinRM - which requires that i have access to the Windows machine. I need a way to just see what certificate, the port is presenting.

image

ksl28 avatar Oct 05 '23 07:10 ksl28

Ah, ok, I'll have a look at this later.

andreasjordan avatar Oct 05 '23 07:10 andreasjordan

It's been discussed in Discord about merging jborean code into the command. It does the cert checks more to how Microsoft support tool will do.

wsmelton avatar Oct 05 '23 14:10 wsmelton

@andreasjordan - Are you aware, if there are any updates on this matter? 😄

ksl28 avatar Apr 15 '24 06:04 ksl28

No, sorry. Not enough time. First idea: We copy the code from the gist without changes to an internal function inside of dbatools. But I'm not sure if we add a second public command or add parameters to Get-DbaInstanceNetworkCertificate.

@potatoqualitee - Do you have a suggestion?

andreasjordan avatar Apr 15 '24 14:04 andreasjordan

No, sorry. Not enough time. First idea: We copy the code from the gist without changes to an internal function inside of dbatools. But I'm not sure if we add a second public command or add parameters to Get-DbaInstanceNetworkCertificate.

@potatoqualitee - Do you have a suggestion?

No need to apologize - HUGE fan of your work with dbatools, so just glad you are willing to keep it up :) From a "consumer" perspective, i would say a seperate cmdlet would make the most sense 👍

ksl28 avatar Apr 15 '24 18:04 ksl28

Then we need a name for the command...

andreasjordan avatar Apr 15 '24 20:04 andreasjordan

Then we need a name for the command...

How about one of these?

Get-DbaInstanceCertificateInfo
Test-DbaInstanceCertificate
Inspect-DbaInstanceCertificate
Check-DbaInstanceCertificate

ksl28 avatar Apr 16 '24 05:04 ksl28