How to find certificates that are expiring on your server using PowerShell – Part 2

Home > Blogs > PowerShell > How to find certificates that are expiring on your server using PowerShell – Part 2

How to find certificates that are expiring on your server using PowerShell – Part 2

Like This Blog 2 Jason Helmick
Added by January 16, 2013

If you read part 1 then you know it’s pretty easy to get a list of certificates and display the days remaining until they expire. But what if you only want a list of certificates that are currently assigned (has a binding) to websites?

This is a little more challenging, but PowerShell provides some tools to help with this problem. First, let me break the steps down for you so you can try it, then I will show a single one-liner that can be easily used with PowerShell remoting to gather the list from multiple servers.

First, you need to import the WebAdministration module to load the IIS: file provider. This provider contains the SSLBindings for the websites. This will tell you which sites are using certificates.

PS> Import-Module WebAdministration

Gather a list of all certificates on the server and store them a variable:

PS> $CertAll=Get-ChildItem -Path Cert:\LocalMachine\My

Gather a list of only the certificates that are bound in IIS:

PS> $CertInUse=Get-Childitem -Path IIS:\SslBindings 

Using the PowerShell Compare-Object cmdlet, compare the two lists and only return the ones that are the same.

PS> $CertSame=Compare-Object -ReferenceObject $CertAll -DifferenceObject $CertInUse -Property ThumbPrint -IncludeEqual -ExcludeDifferent

Using the list of thumbprints from the difference object, get each certificate and display the days remaining until it expires.

PS> $CertSame | foreach{Get-Childitem –path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}}

You can also filter the display so that only the certificates that will expire in the next 90 days is displayed.

PS> $CertSame | foreach{Get-Childitem -path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}} | Where-Object {$_.ExpireInDays -lt 90}

And it can all be done in one line – Great for checking multiple servers using PowerShell Remoting.

PS> Compare-Object -ReferenceObject (Get-ChildItem -Path Cert:\LocalMachine\My) -DifferenceObject (Get-Childitem -Path IIS:\SslBindings) -Property ThumbPrint -IncludeEqual -ExcludeDifferent | Foreach{Get-Childitem -path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}} | Where-Object {$_.ExpireInDays -lt 90}

 

Kinda cool!

Jason Helmick
Director of PowerShell Technologies
Interface Technical Training

Videos You May Like

Agile Methodology in Project Management

0 162 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Creating Users and Managing Passwords in Microsoft Office 365

0 694 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 647 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.