Cyber Security

How to find expired Certificates with PowerShell

By running a simple PowerShell one-liner we are able to find all expired certificates stored in the Certificate Store. The store is accessible through the PowerShell drive cert:. To show all expired certificates on your Windows system, run:

Get-ChildItem cert:\ -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and $_.NotAfter -lt (Get-Date)} | Select-Object -Property FriendlyName,NotAfter


Well, I have to admit this is a Three-Liner.

For a nice view I would recommend running the command with ConvertTo-Html. I’m sure your boss will love this user-friendly file.

Get-ChildItem cert:\ -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and $_.NotAfter -lt (Get-Date)} | Select-Object -Property FriendlyName,NotAfter | ConvertTo-Html | Set-Content C:\Temp\ExpiredCerts.htm
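The one-liner reports only FriendlyName, which is an optional field and is often blank, and it only catches certificates that have already expired. The following added example (not the author's code; the function name Get-ExpiringCertificate and its -Path and -Days parameters are hypothetical) extends the same filter with a warning window and enough fields to identify each certificate and the store it lives in:

```powershell
# Added example: report certificates that are expired or will expire within -Days days.
# Function and parameter names are hypothetical, not part of any module.
function Get-ExpiringCertificate {
    [CmdletBinding()]
    param(
        [string]$Path = 'Cert:\',   # store root to scan, e.g. Cert:\LocalMachine\My
        [int]$Days = 30             # warning window; 0 returns already-expired only
    )

    $now    = Get-Date
    $cutoff = $now.AddDays($Days)

    # Stores the current user cannot read are skipped instead of aborting the scan.
    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.NotAfter -lt $cutoff
        } |
        ForEach-Object {
            [pscustomobject]@{
                # PSParentPath looks like "...\Certificate::LocalMachine\My"
                Store         = $_.PSParentPath -replace '^.*::', ''
                Subject       = $_.Subject
                FriendlyName  = $_.FriendlyName      # may be empty
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint        # unique identifier for follow-up
                HasPrivateKey = $_.HasPrivateKey     # true for certs this host can present
                NotAfter      = $_.NotAfter
                DaysLeft      = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
                Status        = if ($_.NotAfter -lt $now) { 'Expired' } else { 'Expiring' }
            }
        }
}

# Same HTML export as above, sorted so the oldest expiry comes first.
Get-ExpiringCertificate -Days 30 |
    Sort-Object -Property NotAfter |
    ConvertTo-Html -Title 'Certificate expiry report' |
    Set-Content -Path C:\Temp\ExpiredCerts.htm
```

The same certificate can appear in more than one store, so the Store column is what distinguishes otherwise identical rows.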


3 replies »

  1. Very good, but quite rudimentary. Most times, we also will need more cert info. Some certs don’t appear to have “friendly name;” i.e. it’s blank, since it is optional. And something like this, but more elegant:
    waithidden
    powershell -ExecutionPolicy Bypass -command
    ""$DaysToExpiration = 30; $expirationDate = (Get-Date).AddDays($DaysToExpiration);
    $sites = Get-Website | ? { $_.State -eq "Started" } | % { $_.Name }; $certs = Get-ChildItem IIS:SSLBindings |
    ? { $sites -contains $_.Sites.Value } | % { $_.Thumbprint }; Get-ChildItem CERT:LocalMachine/My |
    ? { $certs -contains $_.Thumbprint -and $_.NotAfter -lt $expirationDate } |
    out-file C:\iiscert.txt""

    Liked by 1 person
