How to read Certificates and CRLs using PowerShell

Sorry... no Japanese blog this week. My weekend was pretty boring. On Saturday, the rest of our stuff arrived by sea. So, we spent most of the weekend unpacking. But I've been in the process of updating a PowerShell script of mine. I really needed to find a way to programmatically check if a Certificate or CRL was newer than the one that I already had. Just in case you are wondering, these are actual files and do not reside within any type of certificate store. That being said, I already knew that a .NET Framework class could be used to read a certificate file. For example:

$CRT = New-Object System.Security.Cryptography.X509Certificates.X509Certificate

$CRT.Import("D:\mycert.cer")

$CRT.GetEffectiveDateString()

But... for some reason (as I discovered while pilfering around MSDN) the ability to read a CRL file was never included in the X509Certificates namespace. Hmmm.... That sucked! I don't know why there is always a gotcha when it comes to PKI, but for some reason important things are almost always left out, not documented correctly, poorly implemented, and the list could go on. It was just mind boggling to think that a really wonderful namespace to handle certificates was created, but the ability to read the properties of a CRL was just randomly left out.

Anyhow, really needing a solution, I next turned to Mono and found a class called X509Crl. Bingo... After looking at the "unfinished" documentation I arrived at the following solution:

Add-Type -Path "D:\Resources\Mono.Security.dll"

$CRL = [Mono.Security.X509.X509Crl]::CreateFromFile("D:\mycrl.crl")

$CRL.NextUpdate
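
Putting the two readers together for the "is this file newer than the one I already have" check: the following is an added example, not code from the original post. The function names, parameter names and file paths are assumptions, and it compares ThisUpdate (CRLs) and NotBefore (certificates) only after confirming both files come from the same issuer or subject.

```powershell
# Added example. The DLL path and the file paths in the usage lines are
# assumptions; point them at your own copies.
Add-Type -Path "D:\Resources\Mono.Security.dll"

function Test-NewerCrl {
    param(
        [Parameter(Mandatory=$true)][string]$CurrentPath,
        [Parameter(Mandatory=$true)][string]$CandidatePath
    )
    $current   = [Mono.Security.X509.X509Crl]::CreateFromFile($CurrentPath)
    $candidate = [Mono.Security.X509.X509Crl]::CreateFromFile($CandidatePath)

    # A CRL signed by a different issuer is not an update of the one on hand.
    if ($candidate.IssuerName -ne $current.IssuerName) {
        throw "Issuer mismatch: '$($candidate.IssuerName)' vs '$($current.IssuerName)'"
    }
    # ThisUpdate is the issue time of the CRL; later means newer.
    return ($candidate.ThisUpdate -gt $current.ThisUpdate)
}

function Test-NewerCertificate {
    param(
        [Parameter(Mandatory=$true)][string]$CurrentPath,
        [Parameter(Mandatory=$true)][string]$CandidatePath
    )
    $type      = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $current   = New-Object $type -ArgumentList $CurrentPath
    $candidate = New-Object $type -ArgumentList $CandidatePath

    # Only a certificate for the same subject from the same issuer is a renewal.
    if ($candidate.Subject -ne $current.Subject -or
        $candidate.Issuer  -ne $current.Issuer) {
        throw "Subject or issuer mismatch between the two certificate files"
    }
    # NotBefore is the start of the validity period; later means newer.
    return ($candidate.NotBefore -gt $current.NotBefore)
}

# Usage (hypothetical paths): replace the file on hand only when the download is newer.
if (Test-NewerCrl -CurrentPath "D:\mycrl.crl" -CandidatePath "D:\download\mycrl.crl") {
    Copy-Item "D:\download\mycrl.crl" "D:\mycrl.crl" -Force
}
if (Test-NewerCertificate -CurrentPath "D:\mycert.cer" -CandidatePath "D:\download\mycert.cer") {
    Copy-Item "D:\download\mycert.cer" "D:\mycert.cer" -Force
}
```

Neither function verifies the signature on the candidate file, so that check still has to happen before the file is trusted.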


Copyright © 2008 IDG Communications, Inc.
