Solved

Can PowerShell read the Personal Store for certificate expiration dates?

Posted on 2009-07-07
3
2,008 Views
Last Modified: 2012-05-07
I'm looking for a PowerShell script that can access the Personal store on a Windows Server and alert on Certs about to expire.

Specifically: When the cert is going to expire in 15 days, write an event to the Application log.

Thanks,
Tom
0
Comment
Question by:martit01
3 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24801879

Hey,

That shouldn't be too tricky actually...

Can you see if this gives you the right certificates?

Get-ChildItem cert:\LocalMachine\My

If it does, all we need to do is filter on the "NotAfter" field and post the results to the event log, neither of which is particularly hard either.

Chris
0
 

Author Comment

by:martit01
ID: 24809457
I ran the cmdlet and got the below output....

Thumbprint                                                                          Subject
----------                                                                               -------
A3E3AE944D46CA0EBA599F148B23D40A33E183BF           CN=la-scomrms02.XXX.com

I don't see any expiration date. Was it suppose to show the expiration date?

Thanks,
Tom
0
 
LVL 5

Accepted Solution

by:
AbqBill earned 500 total points
ID: 24830945
Hi Tom, the X509Certificate2 object has a GetExpirationDateString() method that returns a string representation of the certificate's expiration date. Bill.
$certs = get-childitem cert:\LocalMachine\CA
 
$certs | foreach-object {
  $output = new-object PSObject
  $output | add-member NoteProperty -name Subject -value $_.Subject
  $output | add-member NoteProperty -name ExpirationDate -value $_.GetExpirationDateString()
  $output
}

Open in new window

0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Set OWA language and time zone in Exchange for individuals, all users or per database.
"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question