PowerShell script for SSL expiry

Posted on 2012-09-18
Last Modified: 2014-04-02

We have taken the script from this website and modified it to return only those certificates expiring within the next 30 days.

Original script:
get-childitem cert: -recurse | where-object {$_.NotAfter -gt (get-date)} | select Subject,@{Name="Expires in (Days)";Expression={($_.NotAfter).subtract([DateTime]::Now).days}} | Sort "Expires in (Days)"

Modified script: - change in bold
get-childitem cert: -recurse | where-object {$_.NotAfter -lt (get-date).adddays(30) }| select Subject,@{Name="Expires in (Days)";Expression={($_.NotAfter).subtract([DateTime]::Now).days}} | Sort "Expires in (Days)"

This has the unfortunate consequence of displaying the SSL certificates that have already expired, which we are not interested in as they are system-installed certificates.

What we are hoping is to modify the expression to return only the certificates expiring in the future. We assume this would need to return results between today's date and 30 days in the future, but we cannot work out how to do this.

Does anyone have a suggestion on how to resolve this?

Kind regards

Question by:vodyanoi
    LVL 16

    Accepted Solution

    Replace the "where"-clause with this:

    where-object {$_.NotAfter -gt (get-date) -and $_.NotAfter -lt (get-date).adddays(30)}

    This should bring the desired result.

    Author Closing Comment


    Having tested this I can confirm this does exactly what we need.

    I can see now how to include the and logical operator.  When we tried we placed the enclosing brackets in the wrong locations.

    Many thanks for this

    LVL 5

    Expert Comment

    Any chance either of you would know how to exclude self-signed certs via this PowerShell command?
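
The accepted where-clause placed in a complete pipeline, as an added example that is not part of the original thread. The function name `Get-ExpiringCertificate` and its `-ExcludeSelfSigned` switch are hypothetical, and the self-signed check is an assumption: it treats a certificate whose Subject equals its Issuer as self-signed without verifying the signature.

```powershell
# Added example, not code from the original thread.
function Get-ExpiringCertificate {
    [CmdletBinding()]
    param(
        [int]$Days = 30,              # look-ahead window (30 days, as in the question)
        [string]$Path = 'Cert:\',     # certificate provider root to search
        [switch]$ExcludeSelfSigned    # hypothetical switch for the follow-up question
    )

    # Read the clock once so both bounds of the window use the same instant.
    $now   = Get-Date
    $limit = $now.AddDays($Days)

    Get-ChildItem -Path $Path -Recurse |
        # Cert: -Recurse also returns location and store containers; keep certificates only.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        # Accepted answer's condition: not yet expired AND expiring inside the window.
        Where-Object { $_.NotAfter -gt $now -and $_.NotAfter -lt $limit } |
        # Assumption: Subject equal to Issuer is treated as self-signed (signature not verified).
        Where-Object { -not $ExcludeSelfSigned -or $_.Subject -ne $_.Issuer } |
        Select-Object Subject, Issuer, Thumbprint,
            @{ Name = 'Store'; Expression = { ($_.PSParentPath -split '::')[-1] } },
            @{ Name = 'Expires in (Days)'; Expression = { ($_.NotAfter - $now).Days } } |
        Sort-Object 'Expires in (Days)'
}

# Certificates expiring in the next 30 days, self-signed ones left out.
Get-ExpiringCertificate -Days 30 -ExcludeSelfSigned | Format-Table -AutoSize
```

The Store and Thumbprint columns identify which copy of a certificate needs renewal when the same certificate is installed in more than one store.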
