How to find certificates that are expiring on your server using PowerShell – Part 2

Home > Blogs > PowerShell > How to find certificates that are expiring on your server using PowerShell – Part 2

How to find certificates that are expiring on your server using PowerShell – Part 2

Like This Blog 2 Jason Helmick
Added by January 16, 2013

If you read part 1 then you know it’s pretty easy to get a list of certificates and display the days remaining until they expire. But what if you only want a list of certificates that are currently assigned (has a binding) to websites?

This is a little more challenging, but PowerShell provides some tools to help with this problem. First, let me break the steps down for you so you can try it, then I will show a single one-liner that can be easily used with PowerShell remoting to gather the list from multiple servers.

First, you need to import the WebAdministration module to load the IIS: file provider. This provider contains the SSLBindings for the websites. This will tell you which sites are using certificates.

PS> Import-Module WebAdministration

Gather a list of all certificates on the server and store them a variable:

PS> $CertAll=Get-ChildItem -Path Cert:\LocalMachine\My

Gather a list of only the certificates that are bound in IIS:

PS> $CertInUse=Get-Childitem -Path IIS:\SslBindings 

Using the PowerShell Compare-Object cmdlet, compare the two lists and only return the ones that are the same.

PS> $CertSame=Compare-Object -ReferenceObject $CertAll -DifferenceObject $CertInUse -Property ThumbPrint -IncludeEqual -ExcludeDifferent

Using the list of thumbprints from the difference object, get each certificate and display the days remaining until it expires.

PS> $CertSame | foreach{Get-Childitem –path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}}

You can also filter the display so that only the certificates that will expire in the next 90 days is displayed.

PS> $CertSame | foreach{Get-Childitem -path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}} | Where-Object {$_.ExpireInDays -lt 90}

And it can all be done in one line – Great for checking multiple servers using PowerShell Remoting.

PS> Compare-Object -ReferenceObject (Get-ChildItem -Path Cert:\LocalMachine\My) -DifferenceObject (Get-Childitem -Path IIS:\SslBindings) -Property ThumbPrint -IncludeEqual -ExcludeDifferent | Foreach{Get-Childitem -path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}} | Where-Object {$_.ExpireInDays -lt 90}

 

Kinda cool!

Jason Helmick
Director of PowerShell Technologies
Interface Technical Training

Videos You May Like

Agile Methodology in Project Management

0 117 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Creating Users and Managing Passwords in Microsoft Office 365

0 506 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 485 3

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

See what people are saying...

  1. Avatar Suprotim Roy

    How can I get the above results as e-mail alerts?

  2. Avatar Jason Helmick

    Tree your old technology changes. There are easer ways now than this older video. Interested?

Share your thoughts...

Please fill out the comment form below to post a reply.