Charlie_Melega

asked on

How to identify Certificates that will expire (in N days) or have expired

Hello,

I am looking for a way to query for when certificates on Microsoft Server will expire (in 'N' days) or have expired. I attempted using 'certutil' but didn’t have any luck. Is there a way to do this in SQL or the registry?

Thanks in advance!
James Murrell

Not an ideal way, but when we purchase them we put them in the group calendar so we can all see when... I know this is not ideal but it does work
You can script it to get the certificate and then use openssl to verify/extract the information you want. Something as referenced in http://stackoverflow.com/questions/5467111/trying-to-get-ssl-certificate-errors might get you on the way.

http:#a35712699 is the best way to track and simple to manage from the beginning, and this way you can also have a process that notifies you.
If these are commercial SSL certificates, the vendor will likely notify you that the certificates are up for renewal (if they care about repeat business).
noci

If you happen to be using icinga or nagios the check_tcp plugin will tell you this.

The plugins can also be used as a standalone.
http://www.icinga.org/
or
http://www.nagios.org/
ASKER CERTIFIED SOLUTION
marek1712

This solution is only available to members.
Charlie_Melega

ASKER

Hello marek1712,

Thanks for the PowerShell script suggestion. I think this would be the best way for me to go. However, when I ran the PowerShell script, it looks like I received a syntax error as shown in the attached graphic:

 User generated image
Now THAT is strange as it's working under my Win7...
I don't know why it's bugging you with ":". You could try removing the semicolon and place Get-ChildItem and the rest in the second line (I know it's not that sign...). Did you try to launch it in PowerShell ISE?
Yup, removing the semicolon and moving everything, starting with Get-ChildItem, to the next line worked nicely.


Thanks again, nice work!
No problem :)
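
An added example, not part of the original thread and not the members-only accepted solution: one way to answer the question with `Get-ChildItem` on the `Cert:` drive, listing certificates that have expired or will expire within N days. The function name `Get-ExpiringCertificate`, its parameters, and the default store `Cert:\LocalMachine\My` are assumptions for illustration; it needs PowerShell 3.0 or later for `[pscustomobject]`.

```powershell
# Added example (hypothetical function name and parameters).
# Lists certificates that are already expired or expire within -Days days.
function Get-ExpiringCertificate {
    param(
        # The 'N' from the question: how many days ahead to look.
        [int]$Days = 30,
        # Assumption: the machine's personal store. Pass 'Cert:\LocalMachine'
        # to walk every machine store (Root, CA, ...), which is much noisier.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $now    = Get-Date
    $cutoff = $now.AddDays($Days)

    Get-ChildItem -Path $StorePath -Recurse |
        # -Recurse also returns store containers; keep only certificates.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        # NotAfter is the end of the validity period, in local time.
        Where-Object { $_.NotAfter -le $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Status     = if ($_.NotAfter -lt $now) { 'Expired' } else { 'Expiring' }
                # Negative values mean the certificate expired that many days ago.
                DaysLeft   = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
                NotAfter   = $_.NotAfter
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                # Last segment of the provider path is the store name, e.g. 'My'.
                Store      = ($_.PSParentPath -split '\\')[-1]
            }
        } |
        Sort-Object NotAfter
}

# Example call: everything expired or expiring in the next 30 days.
Get-ExpiringCertificate -Days 30 | Format-Table -AutoSize
```

Piping the result to `Export-Csv` instead of `Format-Table` gives a file that a scheduled task can mail out or compare between runs.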