detox1978
asked on
VBScript: Output all SSL certificate expiry dates to txt file
hi all,
I've recently started at a new company and they dont have any documentation on when SSL certificates expire.
So i was hoping to be able to get this information via a VBScript.
We have both IIS5 and IIS6.
many thanks
I've recently started at a new company and they dont have any documentation on when SSL certificates expire.
So i was hoping to be able to get this information via a VBScript.
We have both IIS5 and IIS6.
many thanks
disposition==21 is for revoked certs if that helps you any
ASKER
All of the certificates are with verisign.
I'd also like to get the imtermidaite certs.
I'd also like to get the imtermidaite certs.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the delay in getting back to you.
I dont have access to the verisign control panel and it would be quite bad if we had to ask the customer to get this info' as they would assume we already monitor it.
Is there a way to export the details in '> certificates (local computer) > personal > certificate' via a script ?
I dont have access to the verisign control panel and it would be quite bad if we had to ask the customer to get this info' as they would assume we already monitor it.
Is there a way to export the details in '> certificates (local computer) > personal > certificate' via a script ?
Probably the best way would be to use a PowerShell script(http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx)
The last variable would be whatever type of Key Usage you like to search for:
PS C:\ > Get-ChildItem cert:\CurrentUser\My -codesign
I'm still getting familiar with PowerShell myself in my spare time, but that should at least get you in the right direction. Unfortunately there is not really a good way using normal PKI tools like certutil and openssl - there may be a way to do it with openssl with Subversion, but I have not used that to know and I am not finding anything quickly searching it.
The last variable would be whatever type of Key Usage you like to search for:
PS C:\ > Get-ChildItem cert:\CurrentUser\My -codesign
I'm still getting familiar with PowerShell myself in my spare time, but that should at least get you in the right direction. Unfortunately there is not really a good way using normal PKI tools like certutil and openssl - there may be a way to do it with openssl with Subversion, but I have not used that to know and I am not finding anything quickly searching it.
This can also be done with just a simple batch script:
certutil -view -config %FDQN%\%CA_Name% -restrict disposition==20 /out "request id,certificate template,serial
number,Certificate Expiration Date" > test.txt
Here is a generic list of column headers that you can use in the log (put within the quotes in above example):
Request ID
Requester Name
Binary Certificate
Certificate Template
Serial Number
Certificate Effective Date
Certificate Expiration Date
Issued Country/Region
Issued Organization
Issued Organization Unit
Issued Common Name
Issued City
Issued State
Issued Email Address