Retrieves metadata about TLS certificates for servers listening on the local machine. Enables mTLS adoption analysis and cert expiration notifications.
-- Probe every TCP listener (protocol 6) that is not bound to a loopback address as
-- 'localhost:<port>' and return the certificate metadata curl_certificate collects.
SELECT * FROM curl_certificate WHERE hostname IN (SELECT DISTINCT 'localhost:'||port FROM listening_ports WHERE protocol=6 AND address!='127.0.0.1' AND address!='::1');
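function Get-CurlCertificate {
    <#
    .SYNOPSIS
        Connects to a TLS listener and returns metadata about the certificate it presents.
    .DESCRIPTION
        Opens a TCP connection to hostname:port, performs a TLS client handshake and
        reports the peer certificate's Subject, Issuer, validity window and thumbprint.
        Certificate validation is deliberately bypassed: this is an inventory probe that
        records whatever the server presents (self-signed, expired or name-mismatched
        certificates included). It does not establish trust in the peer and must not be
        reused as a connection helper for real traffic.
    .PARAMETER hostname
        Host name used both for the TCP connection and as the TLS server name passed to
        AuthenticateAsClient.
    .PARAMETER port
        TCP port of the listener.
    .OUTPUTS
        PSCustomObject with Hostname ("host:port") plus either the certificate fields
        (Subject, Issuer, NotBefore, NotAfter, Thumbprint) or an Error string.
        Failures are reported in the output object; the function does not throw.
    #>
    param(
        [string]$hostname,
        [int]$port
    )
    $timeoutMs = 5000
    $tcpClient = $null
    $sslStream = $null
    try {
        $tcpClient = New-Object System.Net.Sockets.TcpClient
        # Bound the connect as well as the read/write: a filtered port would otherwise
        # block for the OS default connect timeout on every port the caller iterates.
        $connect = $tcpClient.BeginConnect($hostname, $port, $null, $null)
        if (-not $connect.AsyncWaitHandle.WaitOne($timeoutMs)) {
            throw "Connection timed out after ${timeoutMs}ms"
        }
        $tcpClient.EndConnect($connect)
        $networkStream = $tcpClient.GetStream()
        # Validation callback always returns $true: accept any certificate because we are
        # recording it, not trusting it (see DESCRIPTION).
        $sslStream = New-Object System.Net.Security.SslStream($networkStream, $false, { return $true })
        $sslStream.ReadTimeout = $timeoutMs
        $sslStream.WriteTimeout = $timeoutMs
        $sslStream.AuthenticateAsClient($hostname)
        $remoteCert = $sslStream.RemoteCertificate
        if ($remoteCert) {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $remoteCert
            [PSCustomObject]@{
                Hostname   = "$hostname`:$port"
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                NotBefore  = $cert.NotBefore
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
            }
        }
        else {
            [PSCustomObject]@{
                Hostname = "$hostname`:$port"
                Error    = "No certificate returned"
            }
        }
    }
    catch {
        [PSCustomObject]@{
            Hostname = "$hostname`:$port"
            Error    = "Failed to retrieve certificate - $_"
        }
    }
    finally {
        # Release the stream and socket on every path; previously they were only
        # closed on success, so each failed probe leaked a socket until GC.
        if ($sslStream) { $sslStream.Close() }
        if ($tcpClient) { $tcpClient.Close() }
    }
}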
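# Distinct TCP ports in LISTEN state whose local address is not loopback; this mirrors
# the query's listening_ports filter (protocol=6, address not 127.0.0.1 / ::1).
# Get-NetTCPConnection reports TCP only and has no -Protocol parameter, so passing one
# fails parameter binding before any connection is returned; UDP endpoints are a
# separate cmdlet (Get-NetUDPEndpoint) and are out of scope here.
$ports = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -ne "127.0.0.1" -and $_.LocalAddress -ne "::1" } |
    Select-Object -ExpandProperty LocalPort -Unique
foreach ($port in $ports) {
    # Probe via "localhost" so Hostname matches the query's 'localhost:'||port form.
    # A listener bound only to a specific non-loopback address may not accept a
    # connection arriving over loopback; that case surfaces as an Error row, the same
    # caveat the curl_certificate query has.
    $result = Get-CurlCertificate -hostname "localhost" -port $port
    $result
}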
PowerShell commands are currently work in progress, contributions welcome.