Solved

Can PowerShell read the Personal Store for certificate expiration dates?

Posted on 2009-07-07
Last Modified: 2012-05-07
I'm looking for a PowerShell script that can access the Personal store on a Windows Server and alert on Certs about to expire.

Specifically: When the cert is going to expire in 15 days, write an event to the Application log.

Thanks,
Tom
Question by:martit01

Expert Comment

by:Chris Dent
ID: 24801879

Hey,

That shouldn't be too tricky actually...

Can you see if this gives you the right certificates?

Get-ChildItem cert:\LocalMachine\My

If it does, all we need to do is filter on the "NotAfter" field and post the results to the event log, neither of which is particularly hard either.

Chris

Author Comment

by:martit01
ID: 24809457
I ran the cmdlet and got the below output....

Thumbprint                                Subject
----------                                -------
A3E3AE944D46CA0EBA599F148B23D40A33E183BF  CN=la-scomrms02.XXX.com

I don't see any expiration date. Was it supposed to show the expiration date?

Thanks,
Tom

Accepted Solution

by:AbqBill (earned 500 total points)
ID: 24830945
Hi Tom, the X509Certificate2 object has a GetExpirationDateString() method that returns a string representation of the certificate's expiration date.

Bill.

# Enumerate the certificates in the local machine's CA store
$certs = Get-ChildItem cert:\LocalMachine\CA

# Emit one object per certificate with its subject and expiration date
$certs | ForEach-Object {
  $output = New-Object PSObject
  $output | Add-Member NoteProperty -Name Subject -Value $_.Subject
  # GetExpirationDateString() returns the NotAfter date as a string
  $output | Add-Member NoteProperty -Name ExpirationDate -Value $_.GetExpirationDateString()
  $output
}

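The full check the question asks for, as an added example that is not part of the original thread: it reads the Personal store (cert:\LocalMachine\My), filters on NotAfter with a 15-day window, and writes one Application log event per matching certificate using Windows PowerShell's Write-EventLog. The event source name, the event ID and the function name are assumptions chosen for illustration.

```powershell
# Added example. Values marked "assumed" are illustrative and not from the thread.
param(
    [string]$StorePath     = 'Cert:\LocalMachine\My',  # Personal store of the computer account
    [int]   $ThresholdDays = 15,                       # warning window asked for in the question
    [string]$EventSource   = 'CertExpiryCheck',        # assumed event source name
    [int]   $EventId       = 1001                      # assumed event ID
)

# Return one object per certificate whose NotAfter is on or before Now + Days.
# Certificates that have already expired are included with a negative DaysLeft.
function Get-ExpiringCertificate {
    param($Certificates, [datetime]$Now, [int]$Days)
    $cutoff = $Now.AddDays($Days)
    foreach ($cert in $Certificates) {
        if ($cert.NotAfter -le $cutoff) {
            New-Object PSObject -Property @{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                DaysLeft   = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
            }
        }
    }
}

# Registering an event source needs an elevated session; it only happens once.
if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
    New-EventLog -LogName Application -Source $EventSource
}

# @() keeps an empty store from being passed on as a single $null item.
$expiring = Get-ExpiringCertificate -Certificates @(Get-ChildItem $StorePath) `
                                    -Now (Get-Date) -Days $ThresholdDays

foreach ($item in $expiring) {
    # Expired certificates are logged as errors, soon-to-expire ones as warnings.
    if ($item.DaysLeft -lt 0) { $type = 'Error' } else { $type = 'Warning' }
    $message = 'Certificate "{0}" (thumbprint {1}) in {2} has NotAfter {3:yyyy-MM-dd HH:mm}; days left: {4}.' -f `
        $item.Subject, $item.Thumbprint, $StorePath, $item.NotAfter, $item.DaysLeft
    Write-EventLog -LogName Application -Source $EventSource -EventId $EventId `
                   -EntryType $type -Message $message
}
```

Saved as a script and run daily from a scheduled task under an account that can read the machine store, this produces events a monitoring agent can alert on by source and event ID.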
