Retrieve IIS Client mapping certificates


Hi All,

The snippet below retrieves the client mapping certificates from IIS.

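# Name of the IIS site whose client certificate mappings are read.
$siteName = "WebSiteName"

# Full path of this script file.
$ScriptPath = $MyInvocation.MyCommand.Path

# Folder that holds the script; the output is written next to it.
# $MyInvocation.MyCommand.Path is empty when the lines are pasted into a
# console, so fall back to the current file-system location in that case.
if ($ScriptPath) {
    $ScriptDir = Split-Path -Parent $ScriptPath
}
else {
    $ScriptDir = (Get-Location -PSProvider FileSystem).Path
}

# Timestamp used as the per-run folder name. "HH" is the 24-hour clock;
# "hh" would make a morning and an afternoon run share one folder.
[string] $logdate = Get-Date -Format "yyyyMMddHHmm"

# <script folder>\Certificates
$OutputFolderPath = Join-Path $ScriptDir "Certificates"
if (!(Test-Path -LiteralPath $OutputFolderPath)) {
    # Out-Null keeps the DirectoryInfo object out of the script's output.
    New-Item -ItemType Directory -Path $OutputFolderPath | Out-Null
}

# <script folder>\Certificates\<timestamp>
$OutputFolderFilepath = Join-Path $OutputFolderPath $logdate
if (!(Test-Path -LiteralPath $OutputFolderFilepath)) {
    New-Item -ItemType Directory -Path $OutputFolderFilepath | Out-Null
}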

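# Get-WebConfiguration and the IIS: drive both come from the WebAdministration
# module; fail early if it is not available on this machine.
Import-Module WebAdministration -ErrorAction Stop

# All authentication sections configured for the site.
$authentications = Get-WebConfiguration `
    -Filter "system.webServer/security/authentication/*" `
    -PSPath "IIS:\Sites\$siteName"

# Reset first so a value left over from an earlier run in the same session
# is never mistaken for this site's configuration.
$IISMappings = $null

# Keep the iisClientCertificateMappingAuthentication section. Plain ASCII
# quotes are used so the pattern survives copy and paste from a web page.
foreach ($auth in $authentications) {
    if ($auth.SectionPath -like '*iisClientCertificateMappingAuthentication*') {
        $IISMappings = $auth
    }
}

if ($null -eq $IISMappings) {
    Write-Warning "No iisClientCertificateMappingAuthentication section found for site '$siteName'."
}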

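# One-to-one mapping entries of the section. @() keeps the result an array
# when the site has a single mapping or none at all.
if ($IISMappings) {
    $certCollection = @($IISMappings |
        Select-Object -ExpandProperty oneToOneMappings |
        Select-Object -ExpandProperty Collection)
}
else {
    $certCollection = @()
}

$count = $certCollection.Count

# Write each mapped certificate to Cert<index>.cer in the run folder.
# -lt, not -le: indexes run from 0 to Count - 1, and one extra pass would
# write an empty .cer file that cannot be parsed afterwards.
# Only the certificate attribute is written; the account that each entry
# maps to is not exported by this script.
for ($i = 0; $i -lt $count; $i++) {
    $cert = $certCollection[$i].certificate

    if ([string]::IsNullOrEmpty($cert)) {
        Write-Warning "Mapping $i has no certificate value; skipped."
        continue
    }

    $Certname = "Cert" + $i
    $certPath = Join-Path $OutputFolderFilepath "$Certname.cer"

    $cert | Set-Content -Path $certPath -Force
}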

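# Certificate files written for this run; the filter keeps any other file
# in the folder (such as a report from an earlier run) out of the parse loop.
$certList = Get-ChildItem -Path $OutputFolderFilepath -Filter "*.cer"

# One record per certificate file: name, serial number, expiry date, subject.
$IISCerts = @(foreach ($cer in $certList) {
    try {
        # Load through the constructor; a file that is not a valid
        # certificate raises an error here and is reported, not recorded.
        $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cer.FullName
    }
    catch {
        Write-Warning "Skipping $($cer.Name): $($_.Exception.Message)"
        continue
    }

    # Write-Host $cer.Name,$certPrint.SerialNumber

    [pscustomobject][ordered]@{
        CertificateName         = $cer.Name
        CertificateSerialNumber = $certPrint.SerialNumber
        CertificateExpirydate   = $certPrint.NotAfter
        Subject                 = $certPrint.Subject
    }
})

# Export-Csv needs a file path; $OutputFolderFilepath is a directory, so the
# report goes into a file inside it (the file name is chosen here).
$csvPath = Join-Path $OutputFolderFilepath "IISClientCertificates.csv"

# Only certificates that have not yet expired are exported. Expired
# certificates that are still mapped do not appear in the report, so review
# the .cer files as well when auditing which mappings should be removed.
$IISCerts |
    Where-Object { $_.CertificateExpirydate -ge (Get-Date) } |
    Export-Csv -Path $csvPath -NoTypeInformation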

regards,

Chaitanya
