Showing posts from September, 2017

Powershell : Certutil Find Expired Certs on CA server

Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an Invoke-Command around this for remote query.

$Before = (get-date).adddays(90).ToString("MM/dd/yyyy")
$After = (get-date).AddDays(-5).ToString("MM/dd/yyyy")

<#
https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with $Before, i.e. certificates expiring before this date, and $After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
$Restrict = "NotAfter<=$Before,NotAfter>=$After"
$Report = @()
$cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template"
$SplitLines = $cmd.Split("`n`r")
$Index = 0
foreach ($line in $S…

Powershell: Generate CSR

Wrote this function to generate SAN certificate requests. This isn't a robust solution, nor does it follow best practice; it is more of a "hey, it works with a Microsoft CA".


 #https://social.technet.microsoft.com/Forums/Lync/en-US/b4e27454-c60f-4346-9f7d-22214f49ab6f/create-inf-file-to-create-req-using-certreqexe?forum=winserversecurity

Found a more correct script after I wrote this, here: https://pscsr256.codeplex.com/

<#
.Synopsis
   Generate CSR by Tony Unger
.DESCRIPTION
   Generates CSR
.EXAMPLE
   new-csr -CommonName "test0.microsoft.com" -DNSNames $HostNames
.EXAMPLE
   new-csr -CommonName "test0.microsoft.com"
#>
function new-csr
{
    [CmdletBinding()]
    [Alias()]
    [OutputType([int])]
    Param
    (
        # Common name for request
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $CommonName,

        # SAN DNS names
        [string[]]
        $DNSNames …