Check for expired certificates

Latest revision as of 13:29, 28 April 2014

PowerShell to get all certificates from NTAuth (the NTAuthCertificates object in Active Directory) and check whether each of them is still valid.

Removal of expired entries can be done using certutil.

Known pitfalls of this approach: certutil output is plain text, the hash line is labelled with the algorithm used (it is not always "sha1"), and the number of lines printed per certificate varies (CA Version, Template, "Signature matches Public Key", ...), so the parser must match on field names rather than rely on fixed line offsets. Dates are printed in the current user locale, so they have to be parsed with the current culture.

# Parse the text output of certutil into one object per certificate.
# certutil prints a "================ Certificate N ================" header
# followed by key/value lines; the set of lines per certificate varies,
# so match on field names instead of assuming fixed line offsets.
$foundcertificates = @()
$current = $null

$allcerts = certutil -store -enterprise NTAuth
foreach ($line in $allcerts)
{
	if ($line -match '^=+\s*(Certificate \d+)\s*=+$')
	{
		if ($current) { $foundcertificates += $current }
		$current = New-Object -TypeName PSObject
		$current | Add-Member -MemberType NoteProperty -Name Name -Value $matches[1]
		continue
	}
	if (-not $current) { continue }   # skip the preamble before the first header

	# Note: .TrimStart("Serial Number:") would strip any of those *characters*, not the
	# prefix, and eat leading hex digits such as "a" or "e" from the serial; use regexes.
	switch -regex ($line)
	{
		'^Serial Number:\s*(.*)$'      { $current | Add-Member NoteProperty Serial    $matches[1].Trim() }
		'^Issuer:\s*(.*)$'             { $current | Add-Member NoteProperty Issuer    $matches[1].Trim() }
		'^\s*NotBefore:\s*(.*)$'       { $current | Add-Member NoteProperty NotBefore $matches[1].Trim() }
		'^\s*NotAfter:\s*(.*)$'        { $current | Add-Member NoteProperty NotAfter  $matches[1].Trim() }
		'^Subject:\s*(.*)$'            { $current | Add-Member NoteProperty Subject   $matches[1].Trim() }
		# any hash algorithm (sha1, sha256, ...), spaces removed so the value is usable as a CertId
		'^Cert Hash\((\w+)\):\s*(.*)$' { $current | Add-Member NoteProperty Hash ($matches[2] -replace '\s', '') }
	}
}
if ($current) { $foundcertificates += $current }

$today = Get-Date

foreach ($cert in $foundcertificates)
{
	# certutil prints dates in the current user locale; a plain [datetime] cast uses the
	# invariant culture and fails on formats such as dd-MM-yyyy, so parse with CurrentCulture.
	[datetime]$var = [datetime]::Parse($cert.NotAfter, [Globalization.CultureInfo]::CurrentCulture)
	if ($var -le $today)
	{
		Write-Host ("{0} ({1}) is expired since {2}" -f $cert.Name, $cert.Subject, $cert.NotAfter) -BackgroundColor Red -ForegroundColor Black
	}
	else
	{
		Write-Host ("{0} ({1}) is still valid until {2}" -f $cert.Name, $cert.Subject, $cert.NotAfter) -BackgroundColor Green -ForegroundColor Black
	}
}
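An alternative that avoids parsing certutil text altogether, added here as an example and not part of the original page: read the cACertificate values of the NTAuthCertificates object directly from the Configuration partition with [ADSI], turn each DER blob into an X509Certificate2 and compare NotAfter as a real DateTime. It assumes a domain-joined host whose user can read the Configuration naming context; the Get-NTAuthCertificate function name is this example's own. Removal is not performed, only the matching certutil -delstore command is printed for each expired entry, since writing to NTAuthCertificates needs Enterprise Admins rights and should be reviewed first.

```powershell
# Added example: enumerate NTAuthCertificates from AD as X509Certificate2 objects.
# Assumes a domain-joined host with read access to the Configuration partition.
function Get-NTAuthCertificate
{
    # The NTAuthCertificates object lives in the forest's Configuration naming context.
    $rootDse = [ADSI]"LDAP://RootDSE"
    $cfgNc   = $rootDse.configurationNamingContext
    $ntAuth  = [ADSI]"LDAP://CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$cfgNc"

    foreach ($raw in $ntAuth.Properties["cACertificate"])
    {
        # Each attribute value is one DER-encoded certificate.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,[byte[]]$raw)
        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Serial     = $cert.SerialNumber
            Thumbprint = $cert.Thumbprint          # SHA-1 hash, accepted as CertId by certutil -delstore
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Expired    = ($cert.NotAfter -le (Get-Date))
        }
    }
}

$certs = Get-NTAuthCertificate

foreach ($c in $certs)
{
    if ($c.Expired) { $colour = 'Red' } else { $colour = 'Green' }
    Write-Host ("{0}  {1:yyyy-MM-dd}  {2}" -f $c.Thumbprint, $c.NotAfter, $c.Subject) -BackgroundColor $colour -ForegroundColor Black
}

# Print (do not run) the removal command for every expired entry; review the list,
# then execute the commands as Enterprise Admin.
foreach ($c in ($certs | Where-Object { $_.Expired }))
{
    "certutil -delstore -enterprise NTAuth $($c.Thumbprint)"
}
```

Because the comparison is done on the certificate's own NotAfter property, the result does not depend on the user's date format, and the thumbprint comes from the certificate bytes rather than from a text line, so the same script works regardless of which hash algorithm certutil would have labelled the line with.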