Check cert in 60days warning if did.

Dear expert

Below script is not working well for me, the error msg I get is:
Cannot convert value "30/05/2018 20:52:00"
Exception while checking URL https://google.com: Exception calling "GetResponse" with "0" argument(s)
Code is going to check cert if its 60 days left in cert or not...

Anyone know whats wrong?
Regards


 $minimumCertAgeDays = 60
 $timeoutMilliseconds = 10000
 $urls = @(
 "https://google.com"
 )
 [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
foreach ($url in $urls)
 {
 $req = [Net.HttpWebRequest]::Create($url)
 $req.Timeout = $timeoutMilliseconds
try {$req.GetResponse() |Out-Null} catch {Write-Host Exception while checking URL $url`: $_ -f Red}
[datetime]$expiration = $req.ServicePoint.Certificate.GetExpirationDateString()
 [int]$certExpiresIn = ($expiration - $(get-date)).Days
 $certName = $req.ServicePoint.Certificate.GetName()
 $certPublicKeyString = $req.ServicePoint.Certificate.GetPublicKeyString()
 $certSerialNumber = $req.ServicePoint.Certificate.GetSerialNumberString()
 $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString()
 $certEffectiveDate = $req.ServicePoint.Certificate.GetEffectiveDateString()
 $certIssuer = $req.ServicePoint.Certificate.GetIssuerName()
if ($certExpiresIn -gt $minimumCertAgeDays){
 $certok = Write-Host Cert for site $url expires in $certExpiresIn days [on $expiration] -f Green}
 else{
 $certnotok = Write-Host Cert for site $url expires in $certExpiresIn days [on $expiration] Threshold is $minimumCertAgeDays days. Check details:`n`nCert name: $certName`nCert public key: $certPublicKeyString`nCert serial number: $certSerialNumber`nCert thumbprint: $certThumbprint`nCert effective date: $certEffectiveDate`nCert issuer: $certIssuer -f Red
 }
 }

Open in new window

LVL 1
WeTiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
your script works for me in windows 10

Scripts> . 'G:\Documents\WindowsPowerShell\Scripts\Untitled13.ps1' <# script is not saved yet #>
Cert for site https://google.com expires in 69 days [on 06/05/2018 14:16:00]
Cert for site https://microsoft.com expires in 659 days [on 01/16/2020 16:24:02]
Cert for site https://techsupport4me.com expires in 629 days [on 12/17/2019 07:40:47]

PS G:\Documents\WindowsPowerShell\Scripts>
0
David Johnson, CD, MVPOwnerCommented:
changed line 12 .. output from Windows Server 2008R2 (Windows 7)
  $minimumCertAgeDays = 60
 $timeoutMilliseconds = 10000
 $urls = @(
 "https://google.com","https://microsoft.com","https://techsupport4me.com"
 )
 [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
foreach ($url in $urls)
 {
 $req = [Net.HttpWebRequest]::Create($url)
 $req.Timeout = $timeoutMilliseconds
try {$req.GetResponse() |Out-Null} catch {Write-Host Exception while checking URL $url`: $_ -f Red}
$expiration = get-date($req.ServicePoint.Certificate.GetExpirationDateString())
 [int]$certExpiresIn = ($expiration - $(get-date)).Days
 $certName = $req.ServicePoint.Certificate.GetName()
 $certPublicKeyString = $req.ServicePoint.Certificate.GetPublicKeyString()
 $certSerialNumber = $req.ServicePoint.Certificate.GetSerialNumberString()
 $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString()
 $certEffectiveDate = get-date($req.ServicePoint.Certificate.GetEffectiveDateString())
 $certIssuer = $req.ServicePoint.Certificate.GetIssuerName()
if ($certExpiresIn -gt $minimumCertAgeDays){
 $certok = Write-Host Cert for site $url expires in $certExpiresIn days [on $expiration] -f Green}
 else{
 $certnotok = Write-Host Cert for site $url expires in $certExpiresIn days [on $expiration] Threshold is $minimumCertAgeDays days. Check details:`n`nCert name: $certName`nCert public key: $certPublicKeyString`nCert serial number: $certSerialNumber`nCert thumbprint: $certThumbprint`nCert effective date: $certEffectiveDate`nCert issuer: $certIssuer -f Red
 }
 }

Open in new window

Exception while checking URL https://google.com: Exception calling "GetResponse" with "0" argument(s): "The operation has timed out"
Cert for site https://google.com expires in 63 days [on 05/30/2018 14:50:00]
Exception while checking URL https://microsoft.com: Exception calling "GetResponse" with "0" argument(s): "The operation has timed out"
Cert for site https://microsoft.com expires in 659 days [on 01/16/2020 16:24:02]
Exception while checking URL https://techsupport4me.com: Exception calling "GetResponse" with "0" argument(s): "The operation has timed out"
Cert for site https://techsupport4me.com expires in 629 days [on 12/17/2019 07:40:47]
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
It depends on what date format you have active. As long as you use US default, the default conversion of date strings works.
In addition, I always get an exception with your GetResponse because of a timeout. This is not related to the date issue, though, but your code just waiting for interaction which never takes place. Also, in case of a timeout, it doesn't make sense to try to get the certificate date.
Lastly, your final vars certOk and certNotOk are never set, as Write-Host doesn't return anything.
So better to use this:
$minimumCertAgeDays  = 60
$timeoutMilliseconds = 10000
$urls = @(
  "https://google.com"
)

cls
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
foreach ($url in $urls)
{
  $req = [Net.HttpWebRequest]::Create($url)
  $req.Timeout = $timeoutMilliseconds
  try {
    $req.GetResponse().Dispose()
    $cert = $req.ServicePoint.Certificate
    [datetime] $expiration    = get-date $cert.GetExpirationDateString()
    [int]      $certExpiresIn = ($expiration - $(get-date)).Days
    $certName            = $cert.GetName()
    $certPublicKeyString = $cert.GetPublicKeyString()
    $certSerialNumber    = $cert.GetSerialNumberString()
    $certThumbprint      = $cert.GetCertHashString()
    $certEffectiveDate   = $cert.GetEffectiveDateString()
    $certIssuer          = $cert.GetIssuerName()

    $msg = "Cert for site $url expires in $certExpiresIn days [on $expiration]."
    if ($certOk = $certExpiresIn -gt $minimumCertAgeDays) {
      $color = 'Green'
    } else {
      $color = 'Yellow'
      $msg += @"
      Threshold is $minimumCertAgeDays days. Check details:

      Cert name:           $certName
      Cert public key:     $certPublicKeyString
      Cert serial number:  $certSerialNumber
      Cert thumbprint:     $certThumbprint
      Cert effective date: $certEffectiveDate
      Cert issuer:         $certIssuer
"@
    }
    write-host $msg -f $color
  } catch { Write-Host Exception while checking URL $url`: $_ -f Red }
}

Open in new window

This only set certOk as a boolean - which is sufficient.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WeTiAuthor Commented:
Using Qlemo's option, thanks both.
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.