Windows Metadata Changes to Certificates (which do not modify the certificate itself) are not captured #172

Open
guyacosta opened this issue May 1, 2019 · 4 comments

guyacosta commented May 1, 2019

Describe the bug
Open the user certificate manager and change some properties after first creating a base scan. Run another and note the changes are not detected. It appears some properties are not captured for comparison, which could be by design? But some key ones like OCSP checking being disabled are important from a security standpoint.

To Reproduce
Steps to reproduce the behavior:

  1. Go to a certificate and edit the properties
  2. Change the friendly name, e.g. DO_NOT_TRUST to DO_TRUST, change the cert purposes, or disable the OCSP checks if enabled, or change the extended validation, for example. Save and run a scan to compare to a baseline scan.
  3. Note the changes are not detected

Expected behavior
Modification of key properties should be detected. Might be a good idea to document if not in scope for the current release and convert this to an enhancement.

Screenshots
If applicable, add screenshots to help explain your problem.
[Screenshot: modifycertname]
[Screenshot: modifycertocsp]

System Configuration (please complete the following information):

  • OS: Windows
  • OS Version: Windows 10
  • Application Version: 2.1...see image
  • CLI or GUI: GUI

Additional Context
Add any other context about the problem here.

@guyacosta guyacosta added the bug Something isn't working label May 1, 2019

gfs commented May 1, 2019

We don't do any "modified" checks for certificates right now. This is a good suggestion for enhancement for 2.1.

@gfs gfs added enhancement New feature or request and removed bug Something isn't working labels May 1, 2019
@gfs gfs added this to the v2.1 milestone May 1, 2019
@gfs gfs changed the title Some Certificate Changed Properties Not Detected Certificate 'Modifications' In Windows are not detected May 2, 2019

gfs commented May 2, 2019

I'm also not sure if that data being changed actually changes the Certificate or if instead it changes how Windows handles the certificate. I'm inclined to believe it is the latter as "modifying" the certificate itself doesn't make sense, given the signing and hashing. Either way this does appear to affect attack surface so it would be nice to collect this. Will investigate what can be done for 2.1.

@guyacosta

Good with that.


gfs commented Sep 10, 2019

I haven't been able to make any headway on this. Moving it to Future, but I can't find any programmatic way to get those settings.

@gfs gfs modified the milestones: v2.1, Future Sep 10, 2019
@gfs gfs changed the title Certificate 'Modifications' In Windows are not detected Windows Metadata Changes to Certificates (which do not modify the certificate itself) are not captured Apr 15, 2020
@gfs gfs removed their assignment Nov 19, 2020
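
Added example, not part of the thread and not the project's code: a sketch of why a baseline comparison that identifies certificates only by thumbprint reports nothing for the edits described in this issue, while a per-property comparison does. The snapshot layout, the field names (`friendly_name`, `purposes`, `ocsp_check_enabled`) and all sample values are constructed assumptions; how a collector would obtain those properties on Windows is outside this sketch.

```python
from typing import Dict, List, Tuple

# Hypothetical snapshot layout: thumbprint -> store-side properties.
Snapshot = Dict[str, dict]


def diff_by_thumbprint(base: Snapshot, current: Snapshot) -> Dict[str, List[str]]:
    """Identity-only comparison: sees certificates added or removed, nothing else."""
    return {
        "added": sorted(set(current) - set(base)),
        "removed": sorted(set(base) - set(current)),
    }


def diff_metadata(base: Snapshot, current: Snapshot) -> List[Tuple[str, str, object, object]]:
    """For certificates present in both scans, list (thumbprint, property, old, new)."""
    changes = []
    for thumb in sorted(set(base) & set(current)):
        old, new = base[thumb], current[thumb]
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                changes.append((thumb, key, old.get(key), new.get(key)))
    return changes


# Constructed sample data. The thumbprint is a placeholder and is identical in
# both scans because the signed certificate bytes were not modified.
THUMB = "AA" * 20

BASELINE: Snapshot = {
    THUMB: {
        "friendly_name": "DO_NOT_TRUST",
        "purposes": ["Server Authentication"],
        "ocsp_check_enabled": True,
    }
}
RESCAN: Snapshot = {
    THUMB: {
        "friendly_name": "DO_TRUST",
        "purposes": ["Server Authentication", "Code Signing"],
        "ocsp_check_enabled": False,
    }
}

if __name__ == "__main__":
    print("thumbprint diff:", diff_by_thumbprint(BASELINE, RESCAN))
    for change in diff_metadata(BASELINE, RESCAN):
        print("metadata change:", change)
```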