public/Get-SSLCertificate.ps1

function Get-SSLCertificate {
    <#
.SYNOPSIS
    Get the SSL Certificate for given host.
.DESCRIPTION
    Open an SSL connection to the given host and read the presented server certificate.
.PARAMETER ComputerName
    A hostname or Url of the server to retreive the certificate.
.PARAMETER Port
    The port to connect to the remote server.
.PARAMETER OutSslStreamVariable
    Stores SslStream connetion details from the command in the specified variable.
.NOTES
    No validation check done. This command will trust all certificates presented.
.LINK
    Invoke-HttpUnit
.LINK
    Test-SSLCertificate
.INPUTS
    String
.OUTPUTS
    System.Security.Cryptography.X509Certificates.X509Certificate2
.EXAMPLE
    Get-SSLCertificate google.com
    Thumbprint Subject EnhancedKeyUsageList
    ---------- ------- --------------------
    9B97772CC2C860B0D0663AD3ED34272FF927EDEE CN=*.google.com Server Authentication

    Return the certificate for google.com.
.EXAMPLE
    $cert = Get-SSLCertificate expired.badssl.com
    $cert.Verify()
    False

    Verify a server certificate. You can use Test-SSLCertificate to validate the entire certificate chain.
.EXAMPLE
    $cert = Get-SSLCertificate google.com -verbose
    VERBOSE: Converting Uri to host string
    VERBOSE: ComputerName = google.com
    VERBOSE: Cipher: Aes256 strength 256
    VERBOSE: Hash: Sha384 strength 0
    VERBOSE: Key exchange: None strength 0
    VERBOSE: Protocol: Tls13

    Write SslStream connection details to Verbose stream.
.EXAMPLE
    PS> Get-SSLCertificate -ComputerName 'google.com' -OutSslStreamVariable sslStreamValue
    Thumbprint Subject EnhancedKeyUsageList
    ---------- ------- --------------------
    5D3AD94714B07830A1BFB445F6F581AD0AC77689 CN=*.google.com Server Authentication
    $sslStreamValue
    CipherAlgorithm : Aes256
    CipherStrength : 256
    HashAlgorithm : Sha384
    HashStrength : 0
    KeyExchangeAlgorithm : None
    KeyExchangeStrength : 0
    SslProtocol : Tls13

    Stores SslStream connection details in the `$sslStreamValue` variable.
#>


    [CmdletBinding()]
    param (
        [Parameter(Mandatory, Position = 0)]
        [Alias('Address', 'Url')]
        [string]$ComputerName,

        [Parameter(Position = 1)]
        [ValidateRange(1, 65535)]
        [int]$Port = 443,

        [Parameter()]
        [string]
        $OutSslStreamVariable

    )

    $uri = $null

    if ([uri]::TryCreate($ComputerName, [System.UriKind]::RelativeOrAbsolute, [ref]$uri)) {
        Write-Verbose "Converting Uri to host string"
        if (![string]::IsNullOrEmpty($uri.Host)) {
            $ComputerName = $uri.Host
        }
    }

    Write-Verbose "ComputerName = $ComputerName"

    $Certificate = $null
    $TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient

    try {

        $TcpClient.Connect($ComputerName, $Port)
        $TcpStream = $TcpClient.GetStream()

        $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList @($TcpStream, $true, $ServerCertificateCustomValidation_AlwaysTrust)
        try {

            $SslStream.AuthenticateAsClient($ComputerName)
            $Certificate = $SslStream.RemoteCertificate

            if ($PSBoundParameters.ContainsKey('OutSslStreamVariable')) {
                $streamProperties = [PSCustomObject]@{
                    CipherAlgorithm      = $SslStream.CipherAlgorithm
                    CipherStrength       = $SslStream.CipherStrength
                    HashAlgorithm        = $SslStream.HashAlgorithm
                    HashStrength         = $SslStream.HashStrength
                    KeyExchangeAlgorithm = $SslStream.KeyExchangeAlgorithm
                    KeyExchangeStrength  = $SslStream.KeyExchangeStrength
                    SslProtocol          = $SslStream.SslProtocol
                }

                Set-Variable -Name $OutSslStreamVariable -Value $streamProperties -Scope Global
            }

            "Cipher: {0} strength {1}" -f $SslStream.CipherAlgorithm, $SslStream.CipherStrength | Write-Verbose
            "Hash: {0} strength {1}" -f $SslStream.HashAlgorithm, $SslStream.HashStrength | Write-Verbose
            "Key exchange: {0} strength {1}" -f $SslStream.KeyExchangeAlgorithm, $SslStream.KeyExchangeStrength | Write-Verbose
            "Protocol: {0}" -f $SslStream.SslProtocol | Write-Verbose

        } catch {
            $_
        } finally {
            $SslStream.Dispose()
        }
    } catch {
        $_
    } finally {
        $TcpClient.Dispose()
    }

    if ($null -ne $Certificate) {
        if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
            $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
        }

        Write-Output $Certificate
    }
}