ps/Modules/Alkami.DevOps.Certificates/Public/Get-ExpiringCertificates.ps1

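function Get-ExpiringCertificates {
<#
.SYNOPSIS
    Gets certificates that have expired or will expire soon.
.DESCRIPTION
    Opens a PowerShell remoting session to each machine and, on that machine, asks
    [Alkami.Ops.Common.Cryptography.CertificateHelper]::GetAllCertificates for the
    My (personal) store at the LocalMachine location. Every certificate whose NotAfter
    date is earlier than (now + ExpirationThreshold days) is returned, so certificates
    that have already expired are included as well.

    Machines that cannot be reached are reported with a warning and skipped; they are
    NOT represented in the output. Treat such a warning as a gap in coverage rather
    than as "no expiring certificates on that host".
.PARAMETER ComputerName
    [string[]] One or more computers whose certificates should be checked.
.PARAMETER ExpirationThreshold
    [int] Number of days from now that defines the threshold date. Defaults to 30.
    May be negative, in which case only certificates that expired more than that
    many days ago are returned.
.OUTPUTS
    One object per matching certificate with the properties Machine, ExpirationDate,
    DaysRemaining, Thumbprint, FriendlyName and Subject. Only this metadata is
    selected; no other certificate property is returned.
.EXAMPLE
    Get-ExpiringCertificates "Server1","Server2"
    Will connect to these servers in parallel, and retrieve certificates that are due to expire within 30 days or less from now.
.EXAMPLE
    Get-ExpiringCertificates "Server1","Server2" -ExpirationThreshold 90
    Will connect to these servers in parallel, and retrieve certificates that are due to expire within 90 days or less from now.
#>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [Alias("Servers","Machines")]
        [string[]]$ComputerName,
        [Parameter(Mandatory=$false)]
        [int]$ExpirationThreshold = 30
    )
    begin {
        # Connection failures stay non-terminating so one dead host does not abort the whole
        # run, but the reasons are kept in $sessionErrors and surfaced with -Verbose.
        # NOTE(review): no -Credential is passed, so the sessions presumably authenticate
        # as the calling user -- confirm that account is meant to have remoting rights.
        $sessions = New-PSSession -ComputerName $ComputerName -ErrorAction SilentlyContinue -ErrorVariable sessionErrors
        foreach ($failure in $sessionErrors) {
            Write-Verbose "New-PSSession: $failure"
        }

        # Any requested name without a matching session counts as unreachable.
        $unreachable = $ComputerName | Where-Object { $sessions.ComputerName -notcontains $_ }
        if ($unreachable) {
            # Warning stream, so an unchecked host stands out in logs and scheduled runs.
            Write-Warning "Could not connect to $($unreachable -join ', ')"
        }
        if (!$sessions) {
            throw "Could not connect to any machines"
        }
    }
    process {
        # Runs on each remote machine; Get-Date and $env:COMPUTERNAME are evaluated there.
        # NOTE(review): CertificateHelper is not defined in this file -- assumes the
        # Alkami.Ops.Common assembly is already loaded in the remote session; confirm.
        $scriptBlock = {
            param($ExpirationThreshold)
            $personalStore = [System.Security.Cryptography.X509Certificates.StoreName]::My
            $machineStore = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
            $certificates = [Alkami.Ops.Common.Cryptography.CertificateHelper]::GetAllCertificates($personalStore, $machineStore, $env:COMPUTERNAME)
            $thresholdDate = (Get-Date).AddDays($ExpirationThreshold)

            # Keep certificates expiring before the threshold and project metadata only.
            $expiring = $certificates |
                Where-Object { $_.NotAfter -lt $thresholdDate } |
                Select-Object @{N="Machine";E={$env:COMPUTERNAME}},
                    @{N="ExpirationDate";E={$_.NotAfter}},
                    @{N="DaysRemaining";E={(New-TimeSpan -Start (Get-Date) -End $_.NotAfter).Days}},
                    Thumbprint, FriendlyName, Subject
            if ($expiring) {
                Write-Output $expiring
            }
        }

        try {
            # Connect to machines and execute
            $expiringCertificates = Invoke-Command -Session $sessions -ScriptBlock $scriptBlock -ArgumentList $ExpirationThreshold
        }
        finally {
            # Always close the sessions, even when the remote call throws; otherwise
            # authenticated remoting sessions stay open on every target machine.
            Remove-PSSession -Session $sessions
        }
        return $expiringCertificates
    }
}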