Just for fun ... I had a need to determine whether a cert was configured for SANs or not, so I came up with the following:
$CertData = (connect-ca $CertObject.IssuingCa | get-issuedrequest -RequestID $CertObject.RequestID | Receive-Certificate).GetRawCertData()
$TempCert = new-object system.security.cryptography.x509certificates.x509certificate2
$TempCert.Import($CertData)
$SANs = ($TempCert.Extensions | Where-Object {$_.Oid.FriendlyName -eq "subject alternative name"}).format(1)
$SANs will contain the strings, which you can operate on for further filtering, or what have you. For example:
switch -wildcard ($SANs)
{
    "other name*" {
        $SANs = $SANs.Substring(17)
        $SANitem = "UPN"
        return $SANitem # (you could return $SANs for the actual string of UPNs)
    }
    "dns name*" {
        # Drop the trailing character, then split into one entry per line
        $SANs = $SANs.Substring(0, $SANs.Length - 1).Split("`n")
        $SANitem = "DNS"
        return $SANitem # ($SANs now holds the individual DNS name entries)
    }
}
This code will not copy and paste and run for you. It has not been fully sanitized from how I use it in my automations. The code is intended to provide an in-use context only, not just a general usage syntax. :)
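An added example, not part of the original post: a self-contained variant that selects the SAN extension by its OID (2.5.29.17) instead of the friendly name, returns nothing when the certificate has no SAN extension, and classifies every entry rather than only the first one. The function names `Get-SanText` and `ConvertFrom-SanText` are hypothetical, and the sample text is constructed on the assumption that it mirrors the multi-line output of `Format($true)` on English-language Windows.

```powershell
function Get-SanText {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # The OID is fixed; the friendly name is display text and may differ per system.
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($null -eq $ext) { return $null }    # no SAN extension on this certificate
    return $ext.Format($true)               # multi-line form, like .format(1) above
}

function ConvertFrom-SanText {
    param([AllowNull()][AllowEmptyString()][string]$Text)
    if ([string]::IsNullOrWhiteSpace($Text)) { return }
    foreach ($line in ($Text -split "\r?\n")) {
        # "Other Name:" is only a header line; real entries look like "Label=Value".
        if ($line.Trim() -notmatch '^(?<label>[^=]+)=(?<value>.+)$') { continue }
        $label = $Matches['label'].Trim()
        $value = $Matches['value'].Trim()
        # Labels below are the English ones (assumption); unknown labels pass through.
        $type = switch ($label) {
            'DNS Name'       { 'DNS' }
            'Principal Name' { 'UPN' }
            'RFC822 Name'    { 'Email' }
            'IP Address'     { 'IP' }
            default          { $label }
        }
        [pscustomobject]@{ Type = $type; Value = $value }
    }
}

# Constructed sample text with mixed entry types (not taken from a real certificate).
$sample = "Other Name:`r`n     Principal Name=user@example.com`r`n" +
          "DNS Name=www.example.com`r`nDNS Name=example.com`r`n"

$entries = @(ConvertFrom-SanText $sample)
$entries | Format-Table -AutoSize
"Has SANs: $($entries.Count -gt 0)"
"DNS names: $(($entries | Where-Object Type -eq 'DNS').Value -join ', ')"

# A certificate without the extension yields no entries:
"Empty input count: $(@(ConvertFrom-SanText $null).Count)"
```

With a real certificate object, the two functions chain as `ConvertFrom-SanText (Get-SanText $TempCert)`.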