AD Certificate Services - Search for Certificates with multiple filters applied on Subject
Does anyone know if it is possible to apply multiple filters on the Subject? For example, I want all certificates where Country = PT and Email contains company.com. I am trying to do this in many ways:
- Using the CA MMC SnapIn
- Using the CertAdm COM API
- Using CryptoAPI (CertFindCertificateInStore)
As far as I can get, there is no way to do this directly. Of course I can retrieve all certificates and check one by one, which I want to avoid. Any idea?
Thanks in advance
BFC
July 15th, 2011 4:08am

Try using ICertView http://msdn.microsoft.com/en-us/library/aa385439(v=VS.85).aspx to query the ADCS database. ICertView maintains an array of restrictions allowing each column to contain any number of restrictions. In your example Country and Email are two different columns and you should be able to combine such a search.
/Hasain
July 15th, 2011 4:48am

Thanks Hasain,
The problem with SetRestriction is that it only supports the operators =, >, >=, <= and <. It does not support 'contains'. I think also that ICertView reflects the CA database in terms of requests, which eventually is not the best choice when I am searching for certificates. I don't know if, when a certificate is issued, it is also published in the local store where the CA resides. I believe it is published to the AD, but I want to avoid searching in the AD. I am developing a WS API to be consumed. One of the requirements of this API is Search for Certificates, using filters which are specified by the end user. Many of these filters use the 'Contains' operator. Do you have any idea what is the best approach? BTW, I am already using the ICertView API to expose the same functionality as the CA MMC SnapIn.
Thanks in advance
BFC
July 15th, 2011 5:01am

At least you can use the Where-Object cmdlet in Windows PowerShell. You can look at my PowerShell PKI module: http://pspki.codeplex.com/ When you install the module you can run the command:
    Get-CertificationAuthority CACompName | Get-IssuedRequest | where {$_.Property -like "*value*"}
Change Property to the corresponding row name. For example:
    Get-CertificationAuthority CACompName | Get-IssuedRequest | where {$_.Country -eq "PT" -and $_.email -like "*company.com*"}
My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com
July 15th, 2011 7:13am

> The problem with SetRestriction is that it only supports the operators =, >, >=, <= and <. It does not support 'contains'. I think also that ICertView reflects the CA database in terms of requests, which eventually is not the best choice when I am searching for certificates. I don't know if, when a certificate is issued, it is also published in the local store where the CA resides. I believe it is published to the AD, but I want to avoid searching in the AD.
Very true, at MSDN you can read that SetRestriction can hold multiple restrictions per column. I have never tested combining them, maybe worth a trial.
Regarding the issued certificates, you can find the issued certificate in the database as well, in the RawCertificate column.
/Hasain
July 15th, 2011 9:11am

Thanks Vadims. I checked in your code that you use LDAP to query objects. Sorry for my ignorance, but does ADCS implement LDAP? If yes, what is the default address? (LDAP://??)
Thanks in advance
BFC
July 15th, 2011 10:12am

My code uses a lot of data sources. For example, to get information about Enterprise CAs, certificate templates and so on. For CA database queries it uses the ICertView2 COM interface.
My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com
July 15th, 2011 10:17am

I checked your code, and I can't find where you deal with the 'like' operator filter. For example, in your Get-RequestRow.ps1 file:
    foreach ($line in $Filter) {
        if ($line -match "^(.+)\s(-eq|-lt|-le|-ge|-gt)\s(.+)$") {
            try {$Rcolumn = $CaView.GetColumnIndex($false, $matches[1])}
            catch {Write-Warning "Specified column '$($matches[1])' does not exist!"; return}
            $Seek = switch ($matches[2]) {
                "-eq" {1}
                "-lt" {2}
                "-le" {4}
                "-ge" {8}
                "-gt" {16}
            }
But I can't find how you deal with your query:
    Get-CertificationAuthority CACompName | Get-IssuedRequest | where {$_.Country -eq "PT" -and $_.email -like "*company.com*"}
Thanks in advance
BFC
July 18th, 2011 9:30am

I don't use the -like operator since it is not supported by the API. However, you can use this operator outside of the API. In the given example:
    Get-CertificationAuthority CACompName | Get-IssuedRequest | where {$_.Country -eq "PT" -and $_.email -like "*company.com*"}
the Get-IssuedRequest command will return all issued certificate request rows, and to filter the output you apply an external filter within the Where-Object scriptblock.
My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com
July 18th, 2011 1:28pm
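The pattern the thread converges on, as an added example (not code from the thread or from the PSPKI module): push the restrictions ICertView can evaluate (equality on Request.Disposition and Country, two different columns) to the CA database, then apply the 'contains' test on EMail client-side, and decode the issued certificate from the RawCertificate column. It assumes the CA config string is a placeholder and that the CA database column names are the ones certutil -schema lists ('Country', 'EMail', 'RawCertificate').

```powershell
# Added example, not from the thread or the PSPKI module.
$CAConfig  = 'CAHOST\Contoso Issuing CA'   # placeholder: "host\CA name" of your CA
$Country   = 'PT'
$EmailPart = 'company.com'

$View = New-Object -ComObject CertificateAuthority.View
$View.OpenConnection($CAConfig)

# Seek constants: CVR_SEEK_EQ = 1 (LT = 2, LE = 4, GE = 8, GT = 16); CVR_SORT_NONE = 0.
# Request.Disposition 20 = issued, so pending, failed and revoked rows never come back.
$View.SetRestriction($View.GetColumnIndex($false, 'Request.Disposition'), 1, 0, 20)
$View.SetRestriction($View.GetColumnIndex($false, 'Country'),             1, 0, $Country)

# Pull back only the columns the client-side filter and the result need.
$Wanted = 'Request.RequestID', 'CommonName', 'EMail', 'NotAfter', 'RawCertificate'
$View.SetResultColumnCount($Wanted.Count)
foreach ($name in $Wanted) { $View.SetResultColumn($View.GetColumnIndex($false, $name)) }

# Walk the view. GetValue(1) = CV_OUT_BASE64: text columns come back as strings,
# RawCertificate as base64-encoded DER without the PEM header.
$Rows  = $View.OpenView()
$Found = @()
while ($Rows.Next() -ne -1) {
    $Cols = $Rows.EnumCertViewColumn()
    $Row  = @{}
    while ($Cols.Next() -ne -1) { $Row[$Cols.GetName()] = $Cols.GetValue(1) }

    # The operator the database cannot do: substring match on the e-mail column.
    if ($Row['EMail'] -like "*$EmailPart*") {
        $Der  = [Convert]::FromBase64String($Row['RawCertificate'])
        $Cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 (,$Der)
        $Found += New-Object PSObject -Property @{
            RequestID  = $Row['Request.RequestID']
            CommonName = $Row['CommonName']
            EMail      = $Row['EMail']
            NotAfter   = $Row['NotAfter']
            Thumbprint = $Cert.Thumbprint   # taken from the decoded certificate, not the row
        }
    }
}

$Found | Sort-Object NotAfter | Format-Table RequestID, CommonName, EMail, NotAfter, Thumbprint -AutoSize
```

Because the equality restrictions run inside the CA database, only Portuguese issued rows cross the wire; the substring test still runs on the client, but over that reduced set rather than the whole Issued table.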
