How to find certificates that are expiring on your server using PowerShell – Part 2
If you read part 1 then you know it’s pretty easy to get a list of certificates and display the days remaining until they expire. But what if you only want a list of certificates that are currently assigned (has a binding) to websites?
This is a little more challenging, but PowerShell provides some tools to help with this problem. First, let me break the steps down for you so you can try it, then I will show a single one-liner that can be easily used with PowerShell remoting to gather the list from multiple servers.
First, you need to import the WebAdministration module to load the IIS: file provider. This provider contains the SSLBindings for the websites. This will tell you which sites are using certificates.
PS> Import-Module WebAdministration
Gather a list of all certificates on the server and store them a variable:
PS> $CertAll=Get-ChildItem -Path Cert:\LocalMachine\My
Gather a list of only the certificates that are bound in IIS:
PS> $CertInUse=Get-Childitem -Path IIS:\SslBindings
Using the PowerShell Compare-Object cmdlet, compare the two lists and only return the ones that are the same.
PS> $CertSame=Compare-Object -ReferenceObject $CertAll -DifferenceObject $CertInUse -Property ThumbPrint -IncludeEqual -ExcludeDifferent
Using the list of thumbprints from the difference object, get each certificate and display the days remaining until it expires.
PS> $CertSame | foreach{Get-Childitem –path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}}
You can also filter the display so that only the certificates that will expire in the next 90 days is displayed.
PS> $CertSame | foreach{Get-Childitem -path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}} | Where-Object {$_.ExpireInDays -lt 90}
And it can all be done in one line – Great for checking multiple servers using PowerShell Remoting.
PS> Compare-Object -ReferenceObject (Get-ChildItem -Path Cert:\LocalMachine\My) -DifferenceObject (Get-Childitem -Path IIS:\SslBindings) -Property ThumbPrint -IncludeEqual -ExcludeDifferent | Foreach{Get-Childitem -path Cert:\LocalMachine\My\$($_.thumbprint)} | Select-Object -Property Subject, @{n=’ExpireInDays’;e={($_.notafter – (Get-Date)).Days}} | Where-Object {$_.ExpireInDays -lt 90}
Kinda cool!
Jason Helmick
Director of PowerShell Technologies
Interface Technical Training
Agile Methodology in Project Management
In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management
Creating Users and Managing Passwords in Microsoft Office 365
In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.
Detailed Forensic Investigation of Malware Infections – April 21, 2015
In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.
Write a Comment
See what people are saying...
Share your thoughts...
How can I get the above results as e-mail alerts?
Tree your old technology changes. There are easer ways now than this older video. Interested?