Solved

Find Expiring SSL Certs in Server 2003, 2008 and 2008r2

Posted on 2011-09-14
6
473 Views
Last Modified: 2012-05-12
I have a wildcard cert expiring soon. This cert has been installed on quite a number of servers. I'm looking for a way to script the ability to find any cert that is expiring in the next 60 days on any 2003, 2008 or 2008r2 server.

Anyone have a solution like this already?
0
Question by:hcca
6 Comments
 
LVL 8

Accepted Solution

by:
Shmoid earned 500 total points
ID: 36537469
Have a look at this: http://blogs.technet.com/b/heyscriptingguy/archive/2011/02/16/use-powershell-and-net-to-find-expired-certificates.aspx

It is a PowerShell script that will do some of what you want. The example given does not scan multiple servers but you could add a variable for computer name and loop through names from a list.
0
 

Author Comment

by:hcca
ID: 36537659
I've actually been looking at that site since yesterday. I've got the script working but it requires that PowerShell 2 be installed with winrm enabled. Few of our 2003 servers are set up this way. However, I did just install PS on one and the script worked fine from a remote server.

I may have to break down and install PS everywhere.
0
 

Author Comment

by:hcca
ID: 36537915
Actually it appears that PowerShell 2 may have been installed just about everywhere through Microsoft Updates and KB968930. So now, I'm wondering if you can give more specifics about running this script against multiple servers.

Ideally, I'd like to run it against a comma delimited file with each server listed on its own line and then have the output sent to another csv with full data rather than the truncated data shown on screen.
0
 

Author Comment

by:hcca
ID: 36540672
I've managed to get the following to work, based on the script pointed out by Shmoid. It is not pretty output but it works with only one problem. When the script errors on one of the computers and it prints the error, like "access denied" or "network path not found" there is no indication of which server caused the error. This is true of the onscreen error and the output file.

Any suggestions on how to modify this so the server triggering the error can be easily identified?

Also, the "`n============================" is not triggering a linefeed with the `n

#Number of days to look for expiring certificates
$threshold = 90

#Set deadline date
$deadline = (Get-Date).AddDays($threshold)

#Set output variable (leading newline, then a separator line)
$text = "`n============================"

#Set ServerName (one server per line in the file)
$a = Get-Content "C:\Temp\computers.txt"

foreach ($srvr in $a)
	{
	#Write the server name and separator as plain text; a string does not need Format-Table
	$srvr + $text >>c:\certlog.txt

	try {
		#Open the remote machine's personal (My) store read-only
		$store=new-object System.Security.Cryptography.X509Certificates.X509Store("\\$srvr\My","LocalMachine")
		$store.open("ReadOnly")

		$store.certificates | % {
			If ($_.NotAfter -lt $deadline) {
				$_ | Select Issuer, Subject, NotAfter, @{Label="ExpiresIn"; Expression={($_.NotAfter - (Get-Date)).Days}} | Format-table >>c:\certlog.txt
			}
		}
		$store.Close()
	}
	catch {
		#Prefix the error ("access denied", "network path not found", ...) with the server name
		#so the failing host can be identified both on screen and in the log file
		$msg = "$srvr : $($_.Exception.Message)"
		Write-Warning $msg
		$msg >>c:\certlog.txt
	}
}


0
 

Author Comment

by:hcca
ID: 36568723
I didn't get any more info on cleaning up the output of the script but it works well enough as it sits. Many thanks to Shmoid for encouraging me to look at that script again.
0
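An added example, not code from the thread or from the linked Scripting Guy post, that covers the two open requests above: full (untruncated) CSV output and a report row that names the server when the remote store cannot be opened. It reuses the C:\Temp\computers.txt list from the script above; the output file path and the Get-ExpiringCert function name are assumptions.

```powershell
# Added example: report certificates in each server's LocalMachine\My store that expire
# within $Days (already-expired certs included, as in the script above), one CSV row per
# cert, plus one row per server that could not be reached. Output path is an assumed placeholder.
param(
    [string]$ComputerList = "C:\Temp\computers.txt",
    [string]$OutFile      = "C:\Temp\expiring-certs.csv",
    [int]$Days            = 60
)

function Get-ExpiringCert {
    param([string]$Server, [int]$Days)
    $deadline = (Get-Date).AddDays($Days)
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$Server\My", "LocalMachine")
    try {
        # Throws (access denied, network path not found, ...) if the remote store is unreachable
        $store.Open("ReadOnly")
        foreach ($cert in $store.Certificates) {
            if ($cert.NotAfter -lt $deadline) {
                New-Object PSObject -Property @{
                    Server     = $Server
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    DaysLeft   = ($cert.NotAfter - (Get-Date)).Days
                    Error      = ""
                }
            }
        }
    }
    catch {
        # Keep the failing server in the report instead of an anonymous on-screen error
        New-Object PSObject -Property @{
            Server = $Server; Subject = ""; Issuer = ""; Thumbprint = ""
            NotAfter = $null; DaysLeft = $null
            Error = $_.Exception.Message
        }
    }
    finally { $store.Close() }
}

$rows = Get-Content $ComputerList | Where-Object { $_.Trim() } |
    ForEach-Object { Get-ExpiringCert -Server $_.Trim() -Days $Days }

# Select-Object fixes the column order (hashtable order is not preserved in PowerShell 2)
$rows | Select-Object Server, Subject, Issuer, Thumbprint, NotAfter, DaysLeft, Error |
    Export-Csv -Path $OutFile -NoTypeInformation
$rows | Format-Table Server, Subject, DaysLeft, Error -AutoSize
```

Remote store access goes through the remote registry service and needs administrative rights on each target, so an "access denied" row points at a permissions or service problem on that server rather than at the script.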
