$Before = (get-date).adddays(90).ToString("MM/dd/yyyy")
$After = (get-date).AddDays(-5).ToString("MM/dd/yyyy")
<#
https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with
$Before, i.e. certificates expiring before this date, and
$After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
$Restrict = "NotAfter<=$Before,NotAfter>=$After"
$Report = @()
$cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template"
$SplitLines = $cmd.Split("`n`r")
$Index = 0
foreach ($line in $SplitLines){
    # Each record starts with a "Row" line; the four requested fields follow on the next four lines.
    if ($line -like "Row*" ){
        $Details = New-Object PSObject
        $Details | Add-Member noteProperty "RequesterName" $SplitLines[$index+1].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "CommonName" $SplitLines[$index+2].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "Certificate Expiration Date" $SplitLines[$index+3].split(':')[1].split(" ")[1].Replace(" ","")
        # A template field without "1." holds only the template name.
        if ($SplitLines[$index+4].split(":")[1].Replace("`"","") -notlike "*1.*") {
            $TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").Replace(" ","")
        }
        Else {
            # Otherwise the field holds an OID followed by the template name; keep the name.
            write-host "hit"
            $templatename = $SplitLines[$index+4].split(":")[1].Replace("`"","").split(" ")[2].Replace(" ","")
        }
        $Details | Add-Member noteProperty "Certificate Template" $TemplateName
        $report += $Details
    }
    $Index++
}
$report
These are just random notes and programs that may have incomplete descriptions. Use any scripts or programs at your own risk.
Wednesday, September 20, 2017
Powershell : Certutil Find Expired Certs on CA server
I wrote this to get certificate expiration information from the CA for certificates that expired up to 5 days ago through ones that expire within the next 90 days. Wrap Invoke-Command around it to query a remote CA server.
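The script above reads each field by its line offset from the `Row` marker and splits on every colon, so a missing line or a value containing a colon breaks it. The following added example (not the blog author's code) parses the same list output by field label instead; the function name `ConvertFrom-CertutilView`, the sample text, the English field labels and the en-US date format are assumptions.

```powershell
# Added example, not the blog author's code. ConvertFrom-CertutilView is a hypothetical name.
function ConvertFrom-CertutilView {
    param([string[]]$Lines)
    $row = $null
    foreach ($line in $Lines) {
        if ($line -match '^Row \d+:') {
            if ($null -ne $row) { [pscustomobject]$row }   # emit the previous record
            $row = [ordered]@{}
        }
        elseif ($null -ne $row -and $line -match '^\s+(?<name>[^:]+):\s*(?<value>.*)$') {
            # Split on the first colon only, so "9:15 AM" and values containing ':' survive.
            $row[$Matches['name'].Trim()] = $Matches['value'].Trim().Replace('"', '')
        }
    }
    if ($null -ne $row) { [pscustomobject]$row }           # emit the last record
}

# Constructed sample imitating "certutil -view" list output (names and OID are made up).
$sample = @'
Row 1:
  Requester Name: "EXAMPLE\svc-web"
  Issued Common Name: "web01.example.test"
  Certificate Expiration Date: 10/1/2017 9:15 AM
  Certificate Template: "1.3.6.1.4.1.311.21.8.1.2.3" WebServerCustom

Row 2:
  Requester Name: "EXAMPLE\jdoe"
  Issued Common Name: "jdoe"
  Certificate Expiration Date: 3/4/2018 11:02 PM
  Certificate Template: "User"
Maximum Row Index: 2
'@ -split '\r?\n'

$usCulture = [cultureinfo]::GetCultureInfo('en-US')   # assumption: the CA prints en-US dates
$asOf      = [datetime]'2017-09-20'                   # fixed reference date so the sample is repeatable
ConvertFrom-CertutilView $sample | ForEach-Object {
    $expires = [datetime]::Parse($_.'Certificate Expiration Date', $usCulture)
    [pscustomobject]@{
        RequesterName = $_.'Requester Name'
        CommonName    = $_.'Issued Common Name'
        Expires       = $expires
        # The field is either a bare template name or an OID followed by the name; keep the last token.
        Template      = ($_.'Certificate Template' -split '\s+')[-1]
        DaysLeft      = [int]($expires - $asOf).TotalDays
    }
} | Where-Object { $_.DaysLeft -ge -5 -and $_.DaysLeft -le 90 }   # the post's -5 to +90 day window
```

On a CA server, pass the `$cmd` array from the script above in place of `$sample` and use `Get-Date` for `$asOf`.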
Hi, I'm new with powershell scripting.
I'm trying to run this script with a certificate template name that I need but something is not working, I'm getting the message: You cannot call a method on a null-valued expression.
+ $Details | Add-Member noteProperty "NotAfter" $SplitLines[$in ...
Can you advise what is wrong in the script?
thanks,
$Before = (get-date).adddays(30).ToString("MM/dd/yyyy")
$After = (get-date).AddDays(-0).ToString("MM/dd/yyyy")
<#
https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with
$Before, i.e. certificates expiring before this date, and
$After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
#$templateName1 = '1.3.6.1.4.1.311.21.8.8008174.2097614.15483563.10087481.10944406.3.5570057.1621657'
$Restrict = "NotAfter <= $Before ,NotAfter >= $After"
$Report = @()
$cmd = & certutil -view -restrict $Restrict -out "RequesterName,CommonName,NotAfter","certificate Template"
# | Where-Object{ ($_.Oid.FriendlyName -eq 'Certificate Template Information') -and ($_.Format(0) -match $templateName1) }
$SplitLines = $cmd.Split("`n`r")
$Index = 0
foreach ($line in $SplitLines){
    if ($line -like "Row*" ){
        $Details = New-Object PSObject
        $Details | Add-Member noteProperty "RequesterName" $SplitLines[$index+1].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "CommonName" $SplitLines[$index+2].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "NotAfter" $SplitLines[$index+3].split(':')[1].split(" ")[1].Replace(" ","")
        if ($SplitLines[$index+4].split(":")[1].Replace("`"","") -notlike "*1.*") {
            $TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").Replace(" ","")
        }
        Else {
            write-host "hit"
            $templatename = $SplitLines[$index+4].split(":")[1].Replace("`"","").split(" ")[2].Replace(" ","")
        }
        $Details | Add-Member noteProperty "Certificate Template" $TemplateName
        $report += $Details
    }
    $Index++
}
$report
Hello mate nice post