From 969d4ab7c05087890a0887bbe6af2ad535df1601 Mon Sep 17 00:00:00 2001 From: Blake Drumm Date: Sun, 5 May 2024 14:25:36 -0400 Subject: [PATCH] Updated the way the subject name is parsed against the DNS resolved name of the machine :racehorse: --- Powershell/Test-SCOMCertificate.ps1 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Powershell/Test-SCOMCertificate.ps1 b/Powershell/Test-SCOMCertificate.ps1 index 4cdd1b7..0171ecc 100644 --- a/Powershell/Test-SCOMCertificate.ps1 +++ b/Powershell/Test-SCOMCertificate.ps1 @@ -28,6 +28,8 @@ Check all certificates on the local machine: PS C:\> .\Test-SCOMCertificates.ps1 -All .NOTES + Update 05/2024 (Blake Drumm, https://blakedrumm.com/) + Updated the way the subject name is parsed against the DNS resolved name of the machine. Update 03/2024 (Blake Drumm, https://blakedrumm.com/) Changed the name from Start-SCOMCertificateChecker to Test-SCOMCertificate. Update 05/2023 (Blake Drumm, https://blakedrumm.com/) @@ -286,15 +288,14 @@ $($ChainCertsOutput) $out += "`n" + "`n" + $text4 $pass = $true # Check subjectname - $fqdn = $env:ComputerName - $fqdn += "." + [DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name + $fqdn = (Resolve-DnsName $env:COMPUTERNAME -Type A | Select-Object -ExpandProperty Name -Unique) -join " " trap [DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException] { # Not part of a domain continue; } $subjectProblem = $false - $fqdnRegexPattern = "CN=" + $fqdn.Replace(".", "\.") + '(,.*)?$' + $fqdnRegexPattern = "CN=" + ($fqdn.Replace(".", "\.")).Replace(" ", "|CN=") try { $CheckForDuplicateSubjectCNs = ((($cert).Subject).Split(",") | %{ $_.Trim() } | Where { $_ -match "CN=" }).Trim("CN=") | % { $_.Split(".") | Select-Object -First 1 } | Group-Object | Where-Object { $_.Count -gt 1 } | Select -ExpandProperty Name } catch { $CheckForDuplicateSubjectCNs = $null } 
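Review bot: The new `$fqdnRegexPattern` line in the `-286,15 +288,14` hunk drops the `(,.*)?$` tail the old pattern carried and escapes only `.` by hand, so, assuming the pattern is later matched against the certificate subject, the check now passes any subject whose CN merely begins with a resolved name (constructed example: `CN=server01.contoso.com.other.example`). Restoring the anchor needs the alternation grouped, for example `$fqdnRegexPattern = 'CN=(' + (($fqdn -split ' ' | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')(,.*)?$'`. The new `$fqdn` line also fails open: if `Resolve-DnsName` returns nothing, the join yields an empty string and the pattern collapses to `CN=`, which matches every subject that has a CN, so an empty result should be reported as a failed check rather than matched. Because the expected name now comes from a name-resolution answer instead of the local computer name plus the AD domain, consider adding `-DnsOnly` so LLMNR or NetBIOS responses cannot supply it; the `trap` for `ActiveDirectoryObjectNotFoundException` kept below appears to be dead now that `GetComputerDomain()` is gone. The enclosing function starts and ends outside this hunk.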
@@ -755,6 +756,7 @@ Certificate Checker continue } #endregion Function + #region DefaultActions if ($Servers -or $OutputFile -or $All -or $SerialNumber) {