Solved

Find Expiring SSL Certs in Server 2003, 2008 and 2008r2

Posted on 2011-09-14
Last Modified: 2012-05-12
I have a wildcard cert expiring soon. This cert has been installed on quite a number of servers. I'm looking for a way to script the ability to find any cert that is expiring in the next 60 days on any 2003, 2008 or 2008r2 server.

Anyone have a solution like this already?
Question by:hcca

Accepted Solution

by:
Shmoid earned 500 total points
ID: 36537469
Have a look at this: http://blogs.technet.com/b/heyscriptingguy/archive/2011/02/16/use-powershell-and-net-to-find-expired-certificates.aspx

It is a PowerShell script that will do some of what you want. The example given does not scan multiple servers but you could add a variable for computer name and loop through names from a list.

Author Comment

by:hcca
ID: 36537659
I've actually been looking at that site since yesterday. I've got the script working but it requires that PowerShell 2 be installed with winrm enabled. Few of our 2003 servers are set up this way. However, I did just install PS on one and the script worked fine from a remote server.

I may have to break down and install PS everywhere.

Author Comment

by:hcca
ID: 36537915
Actually it appears that PowerShell 2 may have been installed just about everywhere through Microsoft Updates and KB968930. So now, I'm wondering if you can give more specifics about running this script against multiple servers.

Ideally, I'd like to run it against a comma delimited file with each server listed on its own line and then have the output sent to another csv with full data rather than the truncated data shown on screen.

Author Comment

by:hcca
ID: 36540672
I've managed to get the following to work, based on the script pointed out by Shmoid. It is not pretty output but it works with only one problem. When the script errors on one of the computers and it prints the error, like "access denied" or "network path not found" there is no indication of which server caused the error. This is true of the onscreen error and the output file.

Any suggestions on how to modify this so the server triggering the error can be easily identified?

Also, the "`n============================" is not triggering a linefeed with the `n

#Number of days to look for expiring certificates
$threshold = 90

#Set deadline date
$deadline = (Get-Date).AddDays($threshold)

#Set output variable
$text = "`n============================"

#Set ServerName
$a = Get-Content "C:\Temp\computers.txt"

foreach ($srvr in $a)
{
    $srvr + $text | Format-table >>c:\certlog.txt

    $store=new-object System.Security.Cryptography.X509Certificates.X509Store("\\$srvr\My","LocalMachine")

    $store.open("ReadOnly")

    $store.certificates | % {
        If ($_.NotAfter -lt $deadline) {
            $_ | Select Issuer, Subject, NotAfter, @{Label="ExpiresIn"; Expression={($_.NotAfter - (Get-Date)).Days}} | Format-table >>c:\certlog.txt
        }
    }
}


Author Comment

by:hcca
ID: 36568723
I didn't get any more info on cleaning up the output of the script but it works well enough as it sits. Many thanks to Shmoid for encouraging me to look at that script again.
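
An added example, not part of the original thread or of the linked script: one way to rework the loop above so that every failure is recorded against the server that caused it and the full, untruncated data goes to a CSV. The output path and the column names are assumptions; the input is the same `C:\Temp\computers.txt` with one server per line, and the threshold is set to the 60 days from the question.

```powershell
# Added example: per-server certificate expiry report (Windows PowerShell 2.0 syntax).
# Assumptions: the output path and column names below are illustrative only.
$threshold  = 60                                  # days ahead to look
$serverList = 'C:\Temp\computers.txt'             # one server name per line
$reportCsv  = 'C:\Temp\expiring-certs.csv'        # hypothetical output path
$now        = Get-Date
$deadline   = $now.AddDays($threshold)

$report = foreach ($srvr in (Get-Content $serverList | Where-Object { $_.Trim() })) {
    $srvr  = $srvr.Trim()
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$srvr\My", "LocalMachine")
    try {
        # Open() is where "access denied" / "network path not found" are thrown
        $store.Open("ReadOnly")
        foreach ($cert in $store.Certificates) {
            if ($cert.NotAfter -lt $deadline) {
                New-Object PSObject -Property @{
                    Server     = $srvr
                    Status     = 'OK'
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    Thumbprint = $cert.Thumbprint   # same value on every server holding the same cert
                    NotAfter   = $cert.NotAfter
                    ExpiresIn  = ($cert.NotAfter - $now).Days   # negative = already expired
                }
            }
        }
    }
    catch {
        # Record the failure as a row of its own so the server is never lost
        $msg = $_.Exception.GetBaseException().Message
        Write-Warning "$srvr : $msg"
        New-Object PSObject -Property @{ Server = $srvr; Status = "ERROR: $msg" }
    }
    finally {
        $store.Close()
    }
}

if ($report) {
    # Select-Object fixes the column order and fills blanks for error rows
    $report |
        Select-Object Server, Status, Subject, Issuer, Thumbprint, NotAfter, ExpiresIn |
        Sort-Object Server, NotAfter |
        Export-Csv -Path $reportCsv -NoTypeInformation
}
```

Filtering the CSV on `Status` separates servers that could not be checked from those that were checked, which matters here because an unreachable server may still hold the expiring wildcard cert.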