Updated the way the subject name is parsed against the DNS resolved name of the machine 🐎

blakedrumm · web-flow · commit 969d4ab7c050 · 2024-05-05T14:25:36.000-04:00
diff --git a/Powershell/Test-SCOMCertificate.ps1 b/Powershell/Test-SCOMCertificate.ps1
@@ -28,6 +28,8 @@
         Check all certificates on the local machine:
         PS C:\> .\Test-SCOMCertificates.ps1 -All
     .NOTES
+        Update 05/2024 (Blake Drumm, https://blakedrumm.com/)
+        	Updated the way the subject name is parsed against the DNS resolved name of the machine.
         Update 03/2024 (Blake Drumm, https://blakedrumm.com/)
         	Changed the name from Start-SCOMCertificateChecker to Test-SCOMCertificate.
         Update 05/2023 (Blake Drumm, https://blakedrumm.com/)
@@ -286,15 +288,14 @@ $($ChainCertsOutput)
 			$out += "`n" + "`n" + $text4
 			$pass = $true
 			# Check subjectname
-			$fqdn = $env:ComputerName
-			$fqdn += "." + [DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
+			$fqdn = (Resolve-DnsName $env:COMPUTERNAME -Type A | Select-Object -ExpandProperty Name -Unique) -join " "
 			trap [DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException]
 			{
 				# Not part of a domain
 				continue;
 			}
 			$subjectProblem = $false
-			$fqdnRegexPattern = "CN=" + $fqdn.Replace(".", "\.") + '(,.*)?$'
+			$fqdnRegexPattern = "CN=" + ($fqdn.Replace(".", "\.")).Replace(" ", "|CN=")
 			try { $CheckForDuplicateSubjectCNs = ((($cert).Subject).Split(",") | %{ $_.Trim() } | Where { $_ -match "CN=" }).Trim("CN=") | % { $_.Split(".") | Select-Object -First 1 } | Group-Object | Where-Object { $_.Count -gt 1 } | Select -ExpandProperty Name }
 			catch { $CheckForDuplicateSubjectCNs = $null }
 			
@@ -755,6 +756,7 @@ Certificate Checker
 		continue
 	}
 	#endregion Function
+ 
 	#region DefaultActions
 	if ($Servers -or $OutputFile -or $All -or $SerialNumber)
 	{
