$Before = (get-date).adddays(90).ToString("MM/dd/yyyy")
$After = (get-date).AddDays(-5).ToString("MM/dd/yyyy")
<#
https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with
$Before, i.e. certificates expiring before this date, and
$After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
$Restrict = "NotAfter<=$Before,NotAfter>=$After"
$Report = @()
$cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template"
$SplitLines = $cmd.Split("`n`r")
$Index = 0
foreach ($line in $SplitLines){
if ($line -like "Row*" ){
$Details = New-Object PSObject
$Details | Add-Member noteProperty "RequesterName" $SplitLines[$index+1].split(":")[1].Replace("`"","").Replace(" ","")
$Details | Add-Member noteProperty "CommonName" $SplitLines[$index+2].split(":")[1].Replace("`"","").Replace(" ","")
$Details | Add-Member noteProperty "Certificate Expiration Date" $SplitLines[$index+3].split(':')[1].split(" ")[1].Replace(" ","")
if ($SplitLines[$index+4].split(":")[1].Replace("`"","") -notlike "*1.*") {
$TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").Replace(" ","")
}
Else {
write-host "hit"
$templatename = $SplitLines[$index+4].split(":")[1].Replace("`"","").split(" ")[2].Replace(" ","")
}
$Details | Add-Member noteProperty "Certificate Template" $TemplateName
$report += $Details
}
$Index++
}
$report
Wednesday, September 20, 2017
Powershell : Certutil Find Expired Certs on CA server
Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an invoke-command around this for remote query.
Tuesday, September 12, 2017
Powershell: Generate CSR
Wrote this function to generate SAN certificate requests. This isn't a robust solution, nor does it follow best practice, it is more of a hey it works with a Microsoft CA.
#https://social.technet.microsoft.com/Forums/Lync/en-US/b4e27454-c60f-4346-9f7d-22214f49ab6f/create-inf-file-to-create-req-using-certreqexe?forum=winserversecurity
Found a more correct script after i wrote this here https://pscsr256.codeplex.com/
#https://social.technet.microsoft.com/Forums/Lync/en-US/b4e27454-c60f-4346-9f7d-22214f49ab6f/create-inf-file-to-create-req-using-certreqexe?forum=winserversecurity
Found a more correct script after i wrote this here https://pscsr256.codeplex.com/
<#
.Synopsis
Generate CSR by Tony Unger
.DESCRIPTION
Generates CSR
.EXAMPLE
new-csr -CommonName "test0.microsoft.com" -DNSNames $HostNames
.EXAMPLE
new-csr -CommonName "test0.microsoft.com"
#>
function new-csr
{
[CmdletBinding()]
[Alias()]
[OutputType([int])]
Param
(
# Common name for request
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
$CommonName,
# SAN DNS names
[string[]]
$DNSNames
)
Begin
{
$Date = (Get-Date).ToString('ddMMyyyy')
$ReqFile = "Cert_Req-$CommonName-" + "$Date" + ".csr"
}
Process
{
$InfFile = @"
[NewRequest]`r
Subject = "CN=$CommonName"`r
KeySpec = 1
KeyLength = 2048
Exportable = TRUE`r
RequestType = CMC`r
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$CommonName&"`n
"@
foreach ($DNSName in $DNSNames){
$InfFile =$InfFile + @"
_continue_ = "dns=$DNSName&"`n
"@
}
$InfFile
$FinalInfFile = "Cert_Req_Inf-$CommonName-" + "$Date" + ".inf"
New-Item $FinalInfFile -type file -value $InfFile -Force
cmd /c "certreq -new $FinalInfFile $ReqFile"
}
End
{
}
}
$Hostnames = "test1.microsoft.com","test2.microsoft.com"
new-csr -CommonName "test0.microsoft.com" -DNSNames $HostNames
Subscribe to:
Posts (Atom)