$Before = (get-date).adddays(90).ToString("MM/dd/yyyy") $After = (get-date).AddDays(-5).ToString("MM/dd/yyyy") <# https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/ We create a date range with $Before, i.e. certificates expiring before this date, and $After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter. #> $Restrict = "NotAfter<=$Before,NotAfter>=$After" $Report = @() $cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template" $SplitLines = $cmd.Split("`n`r") $Index = 0 foreach ($line in $SplitLines){ if ($line -like "Row*" ){ $Details = New-Object PSObject $Details | Add-Member noteProperty "RequesterName" $SplitLines[$index+1].split(":")[1].Replace("`"","").Replace(" ","") $Details | Add-Member noteProperty "CommonName" $SplitLines[$index+2].split(":")[1].Replace("`"","").Replace(" ","") $Details | Add-Member noteProperty "Certificate Expiration Date" $SplitLines[$index+3].split(':')[1].split(" ")[1].Replace(" ","") if ($SplitLines[$index+4].split(":")[1].Replace("`"","") -notlike "*1.*") { $TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").Replace(" ","") } Else { write-host "hit" $templatename = $SplitLines[$index+4].split(":")[1].Replace("`"","").split(" ")[2].Replace(" ","") } $Details | Add-Member noteProperty "Certificate Template" $TemplateName $report += $Details } $Index++ } $report
These are just random notes and programs that may have incomplete descriptions. Any scripts or programs use at your risk
Wednesday, September 20, 2017
Powershell : Certutil Find Expired Certs on CA server
Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an invoke-command around this for remote query.
Subscribe to:
Post Comments (Atom)
-
Running solidcore you may run into a problem where you have to disable it with out using epo or the local CLI Here are the steps. ...
-
Save the following as a batch file and run as a local admin account: REM REM icacls c:\Windows\inf\usbstor.inf /reset i...
-
Purpose: This script will search AD for all servers and report any shares(includes printers) This script will do 50 servers...
Hi, I'm new with powershell scripting.
ReplyDeleteI'm trying to run this script with a certificate template name that i need but something is not working, I'm getting the message: You cannot call a method on a null-valued expression.
+ $Details | Add-Member noteProperty "NotAfter" $SplitLines[$in ...
can you advise what is wrong in the script.
thanks,
$Before = (get-date).adddays(30).ToString("MM/dd/yyyy")
$After = (get-date).AddDays(-0).ToString("MM/dd/yyyy")
<#
https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with
$Before, i.e. certificates expiring before this date, and
$After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
#$templateName1 = '1.3.6.1.4.1.311.21.8.8008174.2097614.15483563.10087481.10944406.3.5570057.1621657'
$Restrict = "NotAfter <= $Before ,NotAfter >= $After"
$Report = @()
$cmd = & certutil -view -restrict $Restrict -out "RequesterName,CommonName,NotAfter","certificate Template"
# | Where-Object{ ($_.Oid.FriendlyName -eq 'Certificate Template Information') -and ($_.Format(0) -match $templateName1) }
$SplitLines = $cmd.Split("`n`r")
$Index = 0
foreach ($line in $SplitLines){
if ($line -like "Row*" ){
$Details = New-Object PSObject
$Details | Add-Member noteProperty "RequesterName" $SplitLines[$index+1].split(":")[1].Replace("`"","").Replace(" ","")
$Details | Add-Member noteProperty "CommonName" $SplitLines[$index+2].split(":")[1].Replace("`"","").Replace(" ","")
$Details | Add-Member noteProperty "NotAfter" $SplitLines[$index+3].split(':')[1].split(" ")[1].Replace(" ","")
if ($SplitLines[$index+4].split(":")[1].Replace("`"","") -notlike "*1.*") {
$TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").Replace(" ","")
}
Else {
write-host "hit"
$templatename = $SplitLines[$index+4].split(":")[1].Replace("`"","").split(" ")[2].Replace(" ","")
}
$Details | Add-Member noteProperty "Certificate Template" $TemplateName
$report += $Details
}
$Index++
}
$report