I have a simple script that checks the EnhancedKeyUsageProperty of a certificate installed on a local machine. If a specific Root CA gets enabled, sites for the client fail so I am querying to ensure that the result set is Null. This works fine on a Win8 or Server 2012 machine but always returns Null on a Win 2008R2 server. Any ideas on how I can modify this to get it to return data on Server 2008 R2?
$path = "c:\temp\cert_status.txt"
$cert = dir Cert:\LocalMachine\Root\91C6D6EE3E8AC86384E548C299295C756C817B81
$eku = New-Object Microsoft.PowerShell.Commands.EnhancedKeyUsageProperty $cert | Out-File $path
if ($eku=$null) {
Send-MailMessage -From "sender@example.com" -To "me@example.com" -Subject "Primary Root CA is disabled" -Body "The certificate is disabled" -SmtpServer localhost
}
else {
Send-MailMessage -From "sender@example.com" -To "me@example.com" -Subject "Primary Root CA is enabled" -Body "The certificate is enabled" -SmtpServer localhost
}