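function Get-ExpiringCertificates {
<#
.SYNOPSIS
    Gets certificates that will expire soon.

.DESCRIPTION
    Opens a PowerShell remoting session to each machine, reads the LocalMachine\My
    certificate store on that machine, and compares each certificate's expiration
    date (NotAfter) to a configurable threshold date (now + ExpirationThreshold days).
    Every certificate whose NotAfter is earlier than the threshold date is returned.

    Certificates that have ALREADY expired also satisfy that comparison, so they are
    included in the output with a negative DaysRemaining value.

    Machines that cannot be reached are reported as a warning and skipped; the
    function throws only if no session could be opened at all.

.PARAMETER ComputerName
    [string[]] One or more computers from which to get expiring certificates.

.PARAMETER ExpirationThreshold
    [int] The number of days from now that defines the threshold date.
    Note: can be negative, in which case only certificates that expired more than
    that many days ago are returned. Defaults to 30.

.OUTPUTS
    One object per matching certificate with the properties Machine, ExpirationDate,
    DaysRemaining, Thumbprint, FriendlyName and Subject.

.EXAMPLE
    Get-ExpiringCertificates "Server1","Server2"

    Will connect to these servers in parallel, and retrieve certificates that are due to expire within 30 days or less from now.

.EXAMPLE
    Get-ExpiringCertificates "Server1","Server2" -ExpirationThreshold 90

    Will connect to these servers in parallel, and retrieve certificates that are due to expire within 90 days or less from now.
#>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [Alias("Servers","Machines")]
        [string[]]$ComputerName,

        # "Threshold" alias added so that the previously documented
        # "-Threshold 90" usage binds instead of failing with an unknown parameter.
        [Parameter(Mandatory=$false)]
        [Alias("Threshold")]
        [int]$ExpirationThreshold = 30
    )

    begin {
        # Ensure there are machines to connect to.
        # Connection errors are suppressed here on purpose: unreachable machines are
        # reported below by comparing the requested names with the opened sessions.
        $sessions = New-PSSession $ComputerName -ErrorAction SilentlyContinue

        $Unreachable = $ComputerName | Where-Object { $sessions.ComputerName -notcontains $_ }
        if ($Unreachable) {
            # Warning stream rather than Write-Host, so a scheduled or unattended run
            # can capture or redirect the fact that some hosts were not checked.
            Write-Warning "Could not connect to $Unreachable"
        }

        if (!$sessions) {
            throw "Could not connect to any machines"
        }
    }

    process {
        # Runs on each remote machine; receives the threshold as its only argument.
        $ScriptBlock = {
            param($ExpirationThreshold)

            $personalStore = [System.Security.Cryptography.X509Certificates.StoreName]::My
            $machineStore  = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine

            # NOTE(review): this helper type must already be loaded in the remote
            # session; nothing in this function loads it there. Confirm how the
            # assembly reaches the target machines.
            $certificates = [Alkami.Ops.Common.Cryptography.CertificateHelper]::GetAllCertificates($personalStore, $machineStore, $env:COMPUTERNAME)

            $expirationThresholdDate = (Get-Date).AddDays($ExpirationThreshold)

            # Filter certificates by threshold date. Already-expired certificates
            # also pass this filter and get a negative DaysRemaining.
            $expiredCertificates = $certificates |
                Where-Object { $_.notAfter -lt $expirationThresholdDate } |
                Select-Object @{N="Machine";E={$env:COMPUTERNAME}},
                              @{N="ExpirationDate";E={$_.NotAfter}},
                              @{N="DaysRemaining";E={(New-TimeSpan -start (get-date) -end $_.notAfter | Select-Object -ExpandProperty days)}},
                              Thumbprint,
                              FriendlyName,
                              Subject

            if ($expiredCertificates) { Write-Output $expiredCertificates }
        }

        # Connect to machines and execute.
        try {
            $expiredCertificates = Invoke-Command -Session $sessions -ScriptBlock $ScriptBlock -ArgumentList $ExpirationThreshold
        }
        finally {
            # Always tear the sessions down, even if the remote call raises a
            # terminating error, so no authenticated sessions are left open.
            Remove-PSSession $sessions
        }

        return $expiredCertificates
    }
}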