Showing posts with label Certificate. Show all posts

Wednesday, February 12, 2025


Solved- How to find certificates that are expiring within the next 30 days on Windows Server PowerShell Script

 

SSL certificates play a crucial role in ensuring secure communication between servers and clients. However, if they aren't properly managed and renewed before expiration, it can lead to downtime or security risks. Fortunately, Windows Server administrators can easily monitor SSL certificate expiration dates using PowerShell, allowing them to proactively renew certificates and avoid disruptions.

In this blog, we’ll walk you through how to use PowerShell to identify certificates expiring within the next 30 days on a Windows Server, providing you with a script that can help streamline this process.

Why Monitor Expiring Certificates?

An expired certificate can cause various issues, including:

  • Service Disruption: Websites and applications relying on SSL/TLS certificates might stop functioning securely.
  • Security Risks: Expired certificates can make encrypted connections vulnerable, leaving data exposed.
  • Trust Issues: Visitors to your website might see security warnings, eroding trust in your brand.

By regularly monitoring your certificates, you ensure that your systems remain secure and reliable.

PowerShell Script to Find Expiring Certificates

PowerShell makes it easy to automate the task of checking for expiring certificates on your Windows Server. With the following script, you can quickly identify certificates expiring in the next 30 days.

PowerShell Script:

# Define the number of days to check for expiring certificates
$daysToCheck = 30

# Get the current date and time
$currentTime = Get-Date

# Calculate the expiration date threshold
$expirationThreshold = $currentTime.AddDays($daysToCheck)

# Get all certificates from the personal store of the local machine
$certificates = Get-ChildItem -Path Cert:\LocalMachine\My

# Filter the certificates to those whose expiration date falls before the threshold
# (this also matches certificates that have already expired)
$expiringCertificates = $certificates | Where-Object {$_.NotAfter -lt $expirationThreshold}

# Display the expiring certificates
if ($expiringCertificates) {
  Write-Host "Certificates Expiring in the Next $daysToCheck Days:"
  foreach ($cert in $expiringCertificates) {
    Write-Host "Subject: $($cert.Subject)"
    Write-Host "Expiration Date: $($cert.NotAfter)"
    Write-Host "Thumbprint: $($cert.Thumbprint)"
    Write-Host "----------------------------------------"
  }
} else {
  Write-Host "No certificates are expiring in the next $daysToCheck days."
}

 

The script first defines the threshold in days ($daysToCheck); you can change it as per your requirement.
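The script above uses a single `-lt` comparison against the threshold, so certificates that have already expired are listed together with those about to expire. The following added example (not part of the original post; the function name `Get-CertificateExpiryStatus` and the sample objects are hypothetical) separates the two cases and emits objects instead of host text, so the result can be sorted, exported or fed to an alert.

```powershell
# Added example: Get-CertificateExpiryStatus is a hypothetical helper name.
function Get-CertificateExpiryStatus {
    [CmdletBinding()]
    param(
        # Any object with Subject, Thumbprint and NotAfter properties;
        # the X509Certificate2 objects returned from Cert:\ qualify.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Certificate,

        [int]$DaysToCheck = 30,

        # Reference time is a parameter so the logic can be checked against fixed dates.
        [datetime]$Now = (Get-Date)
    )
    process {
        if ($Certificate.NotAfter -le $Now) {
            $status = 'Expired'
        } elseif ($Certificate.NotAfter -le $Now.AddDays($DaysToCheck)) {
            $status = 'Expiring'
        } else {
            return   # still valid beyond the window: emit nothing for this item
        }

        [PSCustomObject]@{
            Status     = $status
            DaysLeft   = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
            NotAfter   = $Certificate.NotAfter
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
        }
    }
}

# Constructed sample objects standing in for certificates (all values are made up).
$now = [datetime]'2025-02-12'
$sample = @(
    [PSCustomObject]@{ Subject = 'CN=expired.example.test';  Thumbprint = 'SAMPLE-1'; NotAfter = [datetime]'2025-01-20' }
    [PSCustomObject]@{ Subject = 'CN=expiring.example.test'; Thumbprint = 'SAMPLE-2'; NotAfter = [datetime]'2025-03-01' }
    [PSCustomObject]@{ Subject = 'CN=healthy.example.test';  Thumbprint = 'SAMPLE-3'; NotAfter = [datetime]'2026-02-12' }
)
$sample | Get-CertificateExpiryStatus -Now $now | Sort-Object NotAfter | Format-Table -AutoSize

# On a server, pipe the real store in instead:
# Get-ChildItem -Path Cert:\LocalMachine\My | Get-CertificateExpiryStatus -DaysToCheck 30
```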


Solved- How to find certificates in IIS that are expiring within the next 30 days

 

To find certificates in IIS that are expiring within the next 30 days, you can use PowerShell to automate the process. Run the following script in an elevated PowerShell window.

This script goes through the HTTPS bindings of each IIS site, looks up the bound certificate by thumbprint in the Local Machine's "My" store, and filters those expiring within the next 30 days. It displays the site name, certificate friendly name, expiration date and thumbprint, helping administrators take proactive renewal actions. Regularly running this check can prevent service disruptions due to expired SSL certificates.


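# Get-Website and Get-WebBinding come from the WebAdministration module
Import-Module WebAdministration

function Get-IISSiteCertificates {
    # Report only certificates whose expiration date falls before this threshold
    $expirationThreshold = (Get-Date).AddDays(30)
    $iisSites = Get-Website
    $assignedCerts = @()

    foreach ($site in $iisSites) {
        $bindings = Get-WebBinding -Name $site.Name
        foreach ($binding in $bindings) {
            if ($binding.protocol -eq "https") {
                # Get-WebBinding exposes the bound certificate's thumbprint as certificateHash
                $certThumbprint = $binding.certificateHash
                # Skip HTTPS bindings that have no certificate assigned
                if (-not $certThumbprint) { continue }
                # A certificate bound from a store other than "My" is not found by this lookup
                $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$certThumbprint" -ErrorAction SilentlyContinue
                if ($cert -and $cert.NotAfter -lt $expirationThreshold) {
                    $assignedCerts += [PSCustomObject]@{
                        SiteName        = $site.Name
                        CertificateName = $cert.FriendlyName
                        ExpirationDate  = $cert.NotAfter
                        CertificateThumbprint = $cert.Thumbprint
                    }
                }
            }
        }
    }

    $assignedCerts | Format-Table
}

# Example usage:
Get-IISSiteCertificates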


OR

You can also try the script below:

 

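# Get-WebBinding comes from the WebAdministration module
Import-Module WebAdministration

function Get-IISSiteCertificates {
    # Report only certificates whose expiration date falls before this threshold
    $expirationThreshold = (Get-Date).AddDays(30)
    $httpsBindings = Get-WebBinding | Where-Object {$_.protocol -eq "https"}

    foreach ($binding in $httpsBindings) {
        # The binding object carries no site name of its own; read it from its configuration path
        $siteName = if ($binding.ItemXPath -match "@name='([^']+)'") { $Matches[1] } else { "(unknown)" }
        # Get-WebBinding exposes the bound certificate's thumbprint as certificateHash
        $certThumbprint = $binding.certificateHash
        # Skip HTTPS bindings that have no certificate assigned
        if (-not $certThumbprint) { continue }

        $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$certThumbprint" -ErrorAction SilentlyContinue
        if ($cert -and $cert.NotAfter -lt $expirationThreshold) {
            Write-Host "Certificate for site: $siteName"
            Write-Host "Certificate Thumbprint: $certThumbprint"
            Write-Host "Certificate Name: $($cert.FriendlyName)"
            Write-Host "Expiration Date: $($cert.NotAfter)"
            Write-Host "----------------------------------------"
        }
    }
}

# Example usage:
Get-IISSiteCertificates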

 

