These are just random notes and programs that may have incomplete descriptions. Use any scripts or programs at your own risk.
Wednesday, September 20, 2017
PowerShell: Certutil Find Expired Certs on CA server
Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an Invoke-Command around this for remote query.

# Date strings are built as MM/dd/yyyy, which is what certutil on a US-locale CA expects
$Before = (Get-Date).AddDays(90).ToString("MM/dd/yyyy")
$After = (Get-Date).AddDays(-5).ToString("MM/dd/yyyy")
<#
https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with $Before, i.e. certificates expiring before this date, and $After, i.e. certificates expiring after this date.
These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
$Restrict = "NotAfter<=$Before,NotAfter>=$After"
$Report = @()
# -out takes one comma-separated list of columns, so pass it as a single string
$cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date,Certificate Template"
# Output from a native command already arrives as one string per line
$SplitLines = @($cmd)
$Index = 0
foreach ($line in $SplitLines){
    if ($line -like "Row*" ){
        # The four requested columns follow each "Row N:" line in -out order
        $Details = New-Object PSObject
        $Details | Add-Member noteProperty "RequesterName" $SplitLines[$index+1].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "CommonName" $SplitLines[$index+2].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "Certificate Expiration Date" $SplitLines[$index+3].split(':')[1].split(" ")[1].Replace(" ","")
        if ($SplitLines[$index+4].split(":")[1].Replace("`"","") -notlike "*1.*") {
            $TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").Replace(" ","")
        }
        Else {
            # Template is shown as an OID followed by its name; keep the name
            write-host "hit"
            $TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").split(" ")[2].Replace(" ","")
        }
        $Details | Add-Member noteProperty "Certificate Template" $TemplateName
        $Report += $Details
    }
    $Index++
}
$Report
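The script above reads each field by its line offset after a "Row" line and takes split(":")[1], so it depends on the column order and drops anything after a second colon. As an added example (not the author's code), the function below parses the same kind of output by field label instead; the sample text, the field labels and OID in it, and the helper name ConvertFrom-CertutilView are constructed assumptions.

```powershell
# Added example. $Sample is constructed; real labels follow the CA's language and -out list.
$Sample = @'
Row 1:
  Requester Name: "CONTOSO\websvc"
  Issued Common Name: "test1.contoso.example"
  Certificate Expiration Date: 9/18/2017 10:15 AM
  Certificate Template: "WebServer"

Row 2:
  Requester Name: "CONTOSO\appsvc"
  Issued Common Name: "test2.contoso.example"
  Certificate Expiration Date: 11/2/2017 8:00 AM
  Certificate Template: "1.3.6.1.4.1.311.21.8.1.2.3" CustomWeb
'@

function ConvertFrom-CertutilView {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string[]] $Lines, [datetime] $Now = (Get-Date))
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $rows = New-Object 'System.Collections.Generic.List[object]'
    $row = $null
    foreach ($line in $Lines) {
        if ($line -match '^Row \d+:') {
            $row = [ordered]@{}          # start a new record
            $rows.Add($row)
        }
        elseif ($null -ne $row -and $line -match '^\s+(?<name>[^:]+):\s*(?<value>.*)$') {
            # Split on the first colon only, so "10:15 AM" stays in the value.
            $row[$Matches['name'].Trim()] = $Matches['value'].Trim()
        }
    }
    foreach ($r in $rows) {
        $template = $r['Certificate Template']
        # Custom templates print as "<OID>" <name>; keep the readable name.
        if ($template -match '^"?\d+(\.\d+)+"?\s+(?<friendly>.+)$') { $template = $Matches['friendly'] }
        $notAfter = [datetime]::Parse($r['Certificate Expiration Date'], $culture)
        [pscustomobject]@{
            RequesterName = $r['Requester Name'].Trim('"')
            CommonName    = $r['Issued Common Name'].Trim('"')
            NotAfter      = $notAfter
            Template      = $template.Trim('"')
            DaysLeft      = [int][math]::Floor(($notAfter - $Now).TotalDays)
            Expired       = $notAfter -lt $Now
        }
    }
}

ConvertFrom-CertutilView -Lines ($Sample -split '\r?\n') -Now ([datetime]'2017-09-20') | Format-Table -AutoSize
```

Against a live CA, pass the certutil output lines as -Lines and leave -Now at its default.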
Tuesday, September 12, 2017
PowerShell: Generate CSR
Wrote this function to generate SAN certificate requests. This isn't a robust solution, nor does it follow best practice; it is more of a "hey, it works with a Microsoft CA."
#https://social.technet.microsoft.com/Forums/Lync/en-US/b4e27454-c60f-4346-9f7d-22214f49ab6f/create-inf-file-to-create-req-using-certreqexe?forum=winserversecurity
Found a more correct script after I wrote this, here: https://pscsr256.codeplex.com/
<#
.Synopsis
   Generate CSR by Tony Unger
.DESCRIPTION
   Generates CSR
.EXAMPLE
   new-csr -CommonName "test0.microsoft.com" -DNSNames $HostNames
.EXAMPLE
   new-csr -CommonName "test0.microsoft.com"
#>
function new-csr
{
    [CmdletBinding()]
    Param
    (
        # Common name for request
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [string]
        $CommonName,

        # SAN DNS names
        [string[]]
        $DNSNames
    )

    Process
    {
        # File names are built here because a pipeline-bound $CommonName is not yet set in Begin
        $Date = (Get-Date).ToString('ddMMyyyy')
        $ReqFile = "Cert_Req-$CommonName-" + "$Date" + ".csr"
        $FinalInfFile = "Cert_Req_Inf-$CommonName-" + "$Date" + ".inf"

        # Exportable = TRUE allows the private key to be exported from this machine
        # 2.5.29.17 is the Subject Alternative Name extension; the CN is repeated as the first SAN entry
        $InfFile = @"
[NewRequest]
Subject = "CN=$CommonName"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
RequestType = CMC
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$CommonName&"`n
"@
        # One _continue_ line per additional SAN DNS name
        foreach ($DNSName in $DNSNames){
            $InfFile = $InfFile + @"
_continue_ = "dns=$DNSName&"`n
"@
        }
        $InfFile
        New-Item $FinalInfFile -type file -value $InfFile -Force
        # Call certreq directly so the file names are passed as arguments, not re-parsed by cmd.exe
        & certreq.exe -new $FinalInfFile $ReqFile
    }
}

$Hostnames = "test1.microsoft.com","test2.microsoft.com"
new-csr -CommonName "test0.microsoft.com" -DNSNames $HostNames