(PowerShell) Get Certificate CRL Distribution Points

Demonstrates how to get a certificate's CRL Distribution Points extension data (assuming it exists). In the vast majority of cases, there will be one CRL Distribution Point.

Note: This example requires Chilkat v9.5.0.76 or greater.

Chilkat .NET Downloads Chilkat .NET Assemblies

Add-Type -Path "C:\chilkat\ChilkatDotNet47-9.5.0-x64\ChilkatDotNet47.dll"

$cert = New-Object Chilkat.Cert

$success = $cert.LoadFromFile("qa_data/certs/test_haswdt.cer")
if ($success -ne $true) {
    $($cert.LastErrorText)
    exit
}

# Get the CRL Distribution Points extension, which is at OID 2.5.29.31
$extensionXmlStr = $cert.GetExtensionAsXml("2.5.29.31")
if ($cert.LastMethodSuccess -eq $false) {
    $("Certificate does not have the CDP extension.")
    exit
}

$xml = New-Object Chilkat.Xml
$xml.LoadXml($extensionXmlStr)

# See what we have..
$($xml.GetXml())

# We should get XML like this:

# <?xml version="1.0" encoding="utf-8" ?>
# <sequence>
#     <sequence>
#         <contextSpecific tag="0" constructed="1">
#             <contextSpecific tag="0" constructed="1">
#                 <contextSpecific tag="6" constructed="0">aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1
# cmVFbWFpbENBLmNybA==</contextSpecific>
#             </contextSpecific>
#         </contextSpecific>
#     </sequence>
# </sequence>
# 

# Assuming there is one CRL Distribution Point...
$sbDistPoint = New-Object Chilkat.StringBuilder
$success = $xml.GetChildContentSb("sequence|contextSpecific|contextSpecific|contextSpecific",$sbDistPoint)
if ($success -eq $true) {
    $sbDistPoint.Decode("base64","utf-8")
    $("CRL Distribution Point:  " + $sbDistPoint.GetAsString())
}

# Sample output:
# CRL Distribution Point:  http://crl.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crl