Solved

Can PowerShell read the Personal Store for certificate expiration dates?

Posted on 2009-07-07
3
2,042 Views
Last Modified: 2012-05-07
I'm looking for a PowerShell script that can access the Personal store on a Windows Server and alert on Certs about to expire.

Specifically: When the cert is going to expire in 15 days, write an event to the Application log.

Thanks,
Tom
0
Comment
Question by:martit01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24801879

Hey,

That shouldn't be too tricky actually...

Can you see if this gives you the right certificates?

Get-ChildItem cert:\LocalMachine\My

If it does, all we need to do is filter on the "NotAfter" field and post the results to the event log, neither of which is particularly hard either.

Chris
0
 

Author Comment

by:martit01
ID: 24809457
I ran the cmdlet and got the below output....

Thumbprint                                                                          Subject
----------                                                                               -------
A3E3AE944D46CA0EBA599F148B23D40A33E183BF           CN=la-scomrms02.XXX.com

I don't see any expiration date. Was it suppose to show the expiration date?

Thanks,
Tom
0
 
LVL 5

Accepted Solution

by:
AbqBill earned 500 total points
ID: 24830945
Hi Tom, the X509Certificate2 object has a GetExpirationDateString() method that returns a string representation of the certificate's expiration date. Bill.
$certs = get-childitem cert:\LocalMachine\CA
 
$certs | foreach-object {
  $output = new-object PSObject
  $output | add-member NoteProperty -name Subject -value $_.Subject
  $output | add-member NoteProperty -name ExpirationDate -value $_.GetExpirationDateString()
  $output
}

Open in new window

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
The following article is intended as a guide to using PowerShell as a more versatile and reliable form of application detection in SCCM.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question