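# SSL Certificate Diagnostic Script
# Purpose: Fetch SSL certificate from remote server and provide import instructions
#
# Security note: the certificate is retrieved with the TLS validation callback
# accepting every certificate, so the exported file is simply what the peer
# presented on this connection. Compare its thumbprint with a value obtained
# from the server owner over a separate channel before adding it to any trust
# store.
#
# Parameters:
#   -hostname   Name of the TLS server to query (also used as the TLS target
#               name and as the base name of the exported file). Required.
#   -port       TCP port of the TLS service. Defaults to 443.
#   -outputDir  Directory that receives the exported .cer file.
#               Defaults to .\certs.
param(
    [Parameter(Mandatory=$true)]
    [string]$hostname,

    [Parameter(Mandatory=$false)]
    [ValidateRange(1, 65535)]   # reject ports TcpClient would refuse anyway, before any work is done
    [int]$port = 443,

    [Parameter(Mandatory=$false)]
    [string]$outputDir = ".\certs"
)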
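Write-Host ""
Write-Host "================================================================" -ForegroundColor Cyan
Write-Host "SSL Certificate Diagnostic Tool" -ForegroundColor Cyan
Write-Host "================================================================" -ForegroundColor Cyan
Write-Host ""

# Create output directory
if (-not (Test-Path $outputDir)) {
    New-Item -ItemType Directory -Path $outputDir -Force | Out-Null
    Write-Host "[OK] Created certificate output directory: $outputDir" -ForegroundColor Green
}

# Resolve the directory to an absolute path. The export step writes the file
# through [System.IO.File], which resolves relative paths against the process
# working directory rather than the current PowerShell location; without this
# a relative -outputDir could be created in one place and written to in another.
$resolvedOutputDir = (Resolve-Path -LiteralPath $outputDir).ProviderPath

# Derive the file name from the host name, replacing any character that is not
# legal in a file name (for example ':' in an IPv6 literal) so the value cannot
# alter the target path.
$certFileName = $hostname
foreach ($invalidChar in [System.IO.Path]::GetInvalidFileNameChars()) {
    $certFileName = $certFileName.Replace([string]$invalidChar, '_')
}
$certFile = Join-Path $resolvedOutputDir "$certFileName.cer"

# The backtick keeps "$hostname:" from being parsed as a scope-qualified variable.
Write-Host "[i] Target server: $hostname`:$port" -ForegroundColor Yellow
Write-Host ""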
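# Use PowerShell to get certificate
#
# The validation callback accepts every certificate on purpose: the script
# exists to retrieve certificates that the local machine does not trust yet.
# The callback records what the platform's own validation reported so the
# result can be shown to the operator. Nothing sensitive is sent over this
# stream; it is closed as soon as the handshake has completed.
try {
    Write-Host "[*] Connecting to server..." -ForegroundColor Cyan

    $script:tlsPolicyErrors = [System.Net.Security.SslPolicyErrors]::None
    $acceptAndRecord = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($origin, $peerCertificate, $peerChain, $policyErrors)
        $script:tlsPolicyErrors = $policyErrors
        $true
    }

    $tcpClient = New-Object System.Net.Sockets.TcpClient($hostname, $port)
    $sslStream = $null
    try {
        $sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream(), $false, $acceptAndRecord)
        $sslStream.AuthenticateAsClient($hostname)
        $cert = $sslStream.RemoteCertificate
        if ($cert) {
            $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
            Write-Host ""
            Write-Host "================================================================" -ForegroundColor Cyan
            Write-Host "Certificate Information:" -ForegroundColor Cyan
            Write-Host "================================================================" -ForegroundColor Cyan
            Write-Host "Subject : $($cert2.Subject)" -ForegroundColor White
            Write-Host "Issuer : $($cert2.Issuer)" -ForegroundColor White
            Write-Host "Serial Number: $($cert2.SerialNumber)" -ForegroundColor White
            Write-Host "Thumbprint : $($cert2.Thumbprint)" -ForegroundColor White
            Write-Host "Not Before : $($cert2.NotBefore)" -ForegroundColor White
            Write-Host "Not After : $($cert2.NotAfter)" -ForegroundColor White
            Write-Host ""

            # Report the platform's validation result (chain and name checks as
            # seen by .NET on this machine; Java keeps its own trust store).
            if ($script:tlsPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None) {
                Write-Host "[i] Platform validation reported no errors for this certificate" -ForegroundColor Yellow
            } else {
                Write-Host "[!] Platform validation reported: $($script:tlsPolicyErrors)" -ForegroundColor Yellow
                Write-Host "    Verify the thumbprint out of band before trusting this certificate" -ForegroundColor Yellow
            }

            # Check validity
            $now = Get-Date
            if ($now -lt $cert2.NotBefore) {
                Write-Host "[X] Certificate not yet valid!" -ForegroundColor Red
                Write-Host " Valid from: $($cert2.NotBefore)" -ForegroundColor Red
            } elseif ($now -gt $cert2.NotAfter) {
                Write-Host "[X] Certificate EXPIRED!" -ForegroundColor Red
                Write-Host " Expired on: $($cert2.NotAfter)" -ForegroundColor Red
            } else {
                $daysRemaining = ($cert2.NotAfter - $now).Days
                if ($daysRemaining -lt 30) {
                    Write-Host "[!] Certificate expires in $daysRemaining days" -ForegroundColor Yellow
                } else {
                    Write-Host "[OK] Certificate is valid (expires in $daysRemaining days)" -ForegroundColor Green
                }
            }

            # Export certificate (DER-encoded public certificate only, no private key)
            $certBytes = $cert2.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
            [System.IO.File]::WriteAllBytes($certFile, $certBytes)
            Write-Host "[OK] Certificate exported to: $certFile" -ForegroundColor Green
        } else {
            # Without a certificate there is nothing to export; stop here rather
            # than print import instructions for a file that was never written.
            throw "Server did not present a certificate"
        }
    } finally {
        # $sslStream stays $null when its constructor failed.
        if ($sslStream) { $sslStream.Close() }
        $tcpClient.Close()
    }
} catch {
    Write-Host "[X] Failed: $($_.Exception.Message)" -ForegroundColor Red
    if ($_.Exception.InnerException) {
        Write-Host " Details: $($_.Exception.InnerException.Message)" -ForegroundColor Red
    }
    exit 1
}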
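Write-Host ""
Write-Host "================================================================" -ForegroundColor Cyan
Write-Host "How to Import Certificate to Java Truststore:" -ForegroundColor Cyan
Write-Host "================================================================" -ForegroundColor Cyan
Write-Host ""

# Check Java installation
#
# The script only prints the keytool commands; it never modifies the truststore
# itself. The operator decides whether to run them after checking the thumbprint.
try {
    $javaHome = $env:JAVA_HOME
    if (-not $javaHome) {
        # Fall back to the java executable on PATH: <home>\bin\java.exe -> <home>
        $javaCmd = Get-Command java -ErrorAction Stop
        $javaHome = (Get-Item $javaCmd.Source).Directory.Parent.FullName
    }

    # JDK 9+ and standalone JREs keep cacerts under lib\security; a JDK 8 home
    # keeps it under jre\lib\security, so try that layout as well.
    $truststorePath = Join-Path $javaHome "lib\security\cacerts"
    if (-not (Test-Path $truststorePath)) {
        $legacyTruststorePath = Join-Path $javaHome "jre\lib\security\cacerts"
        if (Test-Path $legacyTruststorePath) {
            $truststorePath = $legacyTruststorePath
        }
    }

    if (Test-Path $truststorePath) {
        Write-Host "[i] Java Truststore found: $truststorePath" -ForegroundColor Yellow
        Write-Host ""
        Write-Host "[!] The certificate was downloaded without validation." -ForegroundColor Yellow
        Write-Host "    Compare the thumbprint shown above with one obtained from the server owner" -ForegroundColor Yellow
        Write-Host "    through a separate channel before importing. Once imported, every Java" -ForegroundColor Yellow
        Write-Host "    application using this truststore will trust it." -ForegroundColor Yellow
        Write-Host ""
        Write-Host "Run this command (requires admin privileges):" -ForegroundColor Green
        Write-Host ""
        Write-Host "keytool -import -alias $hostname -file `"$certFile`" -keystore `"$truststorePath`" -storepass changeit" -ForegroundColor White
        Write-Host ""
        Write-Host "Note: Default password is 'changeit'" -ForegroundColor Yellow
        Write-Host ""
        Write-Host "To verify the certificate was imported:" -ForegroundColor Green
        Write-Host "keytool -list -keystore `"$truststorePath`" -storepass changeit | Select-String $hostname" -ForegroundColor White
    } else {
        Write-Host "[!] Java Truststore not found" -ForegroundColor Yellow
    }
} catch {
    Write-Host "[!] Java installation not found" -ForegroundColor Yellow
    Write-Host " Please ensure JAVA_HOME environment variable is set" -ForegroundColor Yellow
}

Write-Host ""
Write-Host "================================================================" -ForegroundColor Cyan
Write-Host "Done" -ForegroundColor Cyan
Write-Host "================================================================" -ForegroundColor Cyan
Write-Host ""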