By running a simple PowerShell one-liner we are able to find all expired certificates stored in the Certificate Store. The store is accessible through the PowerShell drive cert:. To show all expired certificates on your Windows system, run
Get-ChildItem cert:\ -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and $_.NotAfter -lt (Get-Date)} | Select-Object -Property FriendlyName,NotAfter
Well, I have to admit this is a Three-Liner.
For a nicer view I would recommend piping the command through ConvertTo-Html. I’m sure your boss will love this user-friendly file.
Get-ChildItem cert:\ -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and $_.NotAfter -lt (Get-Date)} | Select-Object -Property FriendlyName,NotAfter | ConvertTo-Html | Set-Content C:\Temp\ExpiredCerts.htm
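As an added example (not code from the original post), the same store walk wrapped in a function that goes a bit beyond the one-liner: it also reports certificates that expire within a configurable number of days, falls back to the Subject when the optional FriendlyName is blank, and shows the store path and thumbprint so a hit can actually be located. The function name, parameter names and output path are assumptions.

```powershell
# Added example, not from the original post. Enumerates certificates under
# a Cert: path and reports those already expired or expiring within
# -DaysToExpiration days. Function and parameter names are assumed.
function Get-ExpiringCertificate {
    [CmdletBinding()]
    param(
        # Root of the search; use 'Cert:\LocalMachine' or 'Cert:\CurrentUser' to narrow it.
        [string]$Path = 'Cert:\',
        # Certificates with NotAfter within this many days are reported as "Expiring".
        [int]$DaysToExpiration = 30
    )

    $now       = Get-Date
    $threshold = $now.AddDays($DaysToExpiration)

    Get-ChildItem -Path $Path -Recurse |
        # -Recurse also returns store locations and stores; keep only certificate objects.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Where-Object { $_.NotAfter -lt $threshold } |
        ForEach-Object {
            # FriendlyName is optional and often blank; fall back to the Subject.
            $name = if ([string]::IsNullOrWhiteSpace($_.FriendlyName)) { $_.Subject } else { $_.FriendlyName }
            [PSCustomObject]@{
                Status        = if ($_.NotAfter -lt $now) { 'Expired' } else { 'Expiring' }
                Name          = $name
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                DaysLeft      = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
                # PSParentPath looks like 'Microsoft.PowerShell.Security\Certificate::LocalMachine\My';
                # strip the provider prefix to keep 'LocalMachine\My'.
                Store         = $_.PSParentPath -replace '^.*::', ''
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

# Usage: console table, then an HTML report as in the post (output path assumed).
Get-ExpiringCertificate -DaysToExpiration 30 | Sort-Object NotAfter | Format-Table -AutoSize

Get-ExpiringCertificate -Path 'Cert:\LocalMachine' |
    Sort-Object NotAfter |
    ConvertTo-Html -Title 'Expired and expiring certificates' |
    Set-Content -Path C:\Temp\ExpiredCerts.htm
```

Run it in an elevated session when scanning Cert:\LocalMachine, otherwise some stores are not readable. A certificate with a private key that is already expired is the case most worth chasing, since a service may still be presenting it.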
Categories: Cyber Security, PowerShell, Windows 10, Windows Server
I like this but is there a way to also get servers on other domains at the same time?
BTW, I like yours better overall, since it checks overall cert store and not just IIS SSL bound items.
Very good, but quite rudimentary. Most times, we also will need more cert info. Some certs don’t appear to have a “friendly name”; i.e. it’s blank, since it is optional. And something like this, but more elegant:
waithidden powershell -ExecutionPolicy Bypass -command "
$DaysToExpiration = 30;
$expirationDate = (Get-Date).AddDays($DaysToExpiration);
# Names of IIS sites that are currently running (Get-Website loads the WebAdministration module).
$sites = Get-Website | ? { $_.State -eq 'Started' } | % { $_.Name };
# Thumbprints of the certificates bound to those sites.
$certs = Get-ChildItem IIS:\SSLBindings | ? { $sites -contains $_.Sites.Value } | % { $_.Thumbprint };
# Report the bound certificates that expire before the threshold.
Get-ChildItem Cert:\LocalMachine\My | ? { $certs -contains $_.Thumbprint -and $_.NotAfter -lt $expirationDate } | Out-File C:\iiscert.txt
"