

How to identify Certificates that will expire (in N days) or have expired

Posted on 2011-05-06
Medium Priority
Last Modified: 2012-05-11

I am looking for a way to query for when certificates on Microsoft Server will expire (in 'N' days) or have expired. I attempted using 'certutil' but didn’t have any luck. Is there a way to do this in SQL or the registry?

Thanks in advance!
Question by:Charlie_Melega
LVL 31

Expert Comment

by:James Murrell
ID: 35712699
Not an ideal way, but when we purchase them we put them in the group calendar so we can all see when... I know this is not ideal but it does work
LVL 81

Expert Comment

ID: 35712760
You can script it to get the certificate and then use openssl to verify/extract the information you want. Something as referenced in http://stackoverflow.com/questions/5467111/trying-to-get-ssl-certificate-errors might get you on the way.

http:#a35712699 is the best way to track and simple to manage from the beginning, and this way you can also have a process that notifies you.
If these are commercial SSL certificates, the vendor will likely notify you that the certificates are up for renewal (if they care about repeat business).
LVL 41

Expert Comment

ID: 35714980
If you happen to be using icinga or nagios the check_tcp plugin will tell you this.

The plugins can also be used as a standalone.

LVL 11

Accepted Solution

marek1712 earned 2000 total points
ID: 35715824
A little PowerShell script that lets you know about expired certificates or the ones that will expire in the next 60 days:
$date=Get-Date; Get-ChildItem cert:\LocalMachine -Recurse | Select-Object PSPath, Subject, NotAfter | Where-Object {$_.NotAfter -lt $date.AddDays(60)} | Format-List Subject, PSPath, NotAfter



Author Comment

ID: 35723174
Hello marek1712,

Thanks for the PowerShell script suggestion. I think this would be the best way for me to go. However, when I ran the PowerShell script, it looks like I received a syntax error as shown in the attached graphic:

LVL 11

Expert Comment

ID: 35723260
Now THAT is strange as it's working under my Win7...
I don't know why it's bugging you with ":". You could try removing the semicolon and place Get-ChildItem and the rest in the second line (I know it's not that sign...). Did you try to launch it in PowerShell ISE?

Author Comment

ID: 35724432
Yup, removing the semicolon and moving everything, starting with Get-ChildItem, to the next line worked nicely.

Thanks again, nice work!
LVL 11

Expert Comment

ID: 35732267
No problem :)
