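# Modified from source: https://gist.github.com/jstangroome/5945820
#
# Retrieves the TLS certificate presented by a remote endpoint, prints it,
# checks it against the local trust configuration, and exports it to a .cer
# file in the current user's Downloads folder.
#
# SECURITY NOTE: the validation callback below accepts every certificate so
# that expired, self-signed or name-mismatched certificates can still be
# captured for inspection. The TLS session is therefore unauthenticated; this
# script only performs the handshake, reads the peer certificate and disposes
# the stream. Do not reuse this callback on a connection that carries data.
# Whether the certificate is trustworthy is decided only by the Verify() and
# Test-Certificate results further down.

<#
[CmdletBinding()]
param (
    [Parameter(Mandatory=$true)]
    [string]
    $ComputerName,

    [int]
    $Port = 443
)
#>

# Set ComputerName and Port values manually here if not using as Cmdlet.
# Comment out if not.
$ComputerName = 'example.com'
$Port = 443

$Certificate = $null
$TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient
try {
    $TcpClient.Connect($ComputerName, $Port)
    $TcpStream = $TcpClient.GetStream()

    # Accept-all callback: validation is deliberately skipped here so the
    # certificate can be retrieved even when it would fail validation.
    $Callback = { param($sender, $cert, $chain, $errors) return $true }

    # Second argument ($true) leaves the inner stream open; the TcpClient
    # owns it and is disposed in the outer finally block.
    $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList @($TcpStream, $true, $Callback)
    try {
        $SslStream.AuthenticateAsClient($ComputerName)
        $Certificate = $SslStream.RemoteCertificate
    } finally {
        $SslStream.Dispose()
    }
} finally {
    $TcpClient.Dispose()
}

if ($Certificate) {
    # RemoteCertificate may be a plain X509Certificate; wrap it so that
    # Verify(), IssuerName and the PKI cmdlets below are available.
    if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
        $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
    }

    # Emit the certificate once, followed by its issuer.
    Write-Output $Certificate
    $Certificate.IssuerName

    # Chain validation against the local machine's trust configuration.
    # Verify() does not compare the certificate with $ComputerName, so a
    # $true result alone does not prove the certificate belongs to this host.
    $Certificate.Verify()

    # Additional params are available for this commandlet; for a TLS server
    # check, '-Policy SSL -DNSName $ComputerName' also validates the host name.
    Test-Certificate $Certificate

    $CertExportDirectory = "$env:USERPROFILE\Downloads"
    # NOTE(review): $ComputerName becomes part of the file name. If it is ever
    # taken from untrusted input, validate it before building the path.
    $CertExportName = $ComputerName + '_Port' + $Port.ToString() + '.cer'
    $FilePath = Join-Path $CertExportDirectory -Child $CertExportName

    # Writes the public certificate to disk only; nothing is added to a
    # certificate store. Treat the file as untrusted unless the checks above
    # succeeded.
    Export-Certificate -Cert $Certificate -FilePath $FilePath
} else {
    # Without this guard the statements above would run against $null and
    # raise misleading secondary errors after a failed connection/handshake.
    Write-Error "No certificate was retrieved from ${ComputerName}:$Port."
}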