To find certificates in IIS that are expiring within the next 30 days, you can use PowerShell to automate the process. Run the following command in an elevated PowerShell window.
This script retrieves all certificates stored in the Local Machine's "My" store and filters those expiring within the next 30 days. It displays the certificate subject and expiration date, helping administrators take proactive renewal actions. Regularly running this check can prevent service disruptions due to expired SSL certificates.
function Get-IISSiteCertificates {
$iisSites = Get-WebSite
$assignedCerts = @()
foreach ($site in $iisSites) {
$bindings = Get-WebBinding -Name $site.Name
foreach ($binding in $bindings) {
if ($binding.Protocol -eq "https") {
$certThumbprint = $binding.CertificateThumbprint
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$certThumbprint"
if ($cert) {
$assignedCerts += [PSCustomObject]@{
SiteName = $site.Name
CertificateName = $cert.FriendlyName
ExpirationDate = $cert.NotAfter
CertificateThumbprint = $cert.Thumbprint
}
}
}
}
}
$assignedCerts | Format-Table
}
# Example usage:
Get-IISSiteCertificates
OR
You can also try below script
function Get-IISSiteCertificates {
$httpsBindings = Get-WebBinding | Where-Object {$_.Protocol -eq "https"}
foreach ($binding in $httpsBindings) {
$siteName = (Get-WebSite -Name $binding.Name).Name
$certThumbprint = $binding.CertificateThumbprint
Write-Host "Certificate for site: $siteName"
Write-Host "Certificate Thumbprint: $certThumbprint"
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$certThumbprint"
if ($cert) {
Write-Host "Certificate Name: $($cert.FriendlyName)"
Write-Host "Expiration Date: $($cert.NotAfter)"
}
Write-Host "----------------------------------------"
}
}
# Example usage:
Get-IISSiteCertificates
0 Comments:
Post a Comment