I have a PS script that exports all certificates in a certificate authority store into a .csv file, goes through it and looks for certificates within X number of days given. It does not seem to return the desired results, instead it likes to grab a revoked certificate that has an expiry of 2018 if I set it to return expiring certificates within 300 days and also likes to return Exchange and OCSP certificates issued to the server as well but none of the certificates that actually matter (SSL server certs). I have pasted the code below if someone could look over it and let me know where it's going wrong. This is the base script that I used but on the server in question I have filled in the required details.
The script uses PS to extract each certificate's information into a tab delimited .csv file. The script then reads back the .csv file and goes through looking at the Expiry date of each line of the .csv file. When it finds an expiry date within the allocated time frame it adds it to another variable that it then uses to populate the email body with. I found this code. I did not write it.
Thanks in advance.
# variables [string]$caServerName= "<your ca server name\ca name>"[string]$caCertExportPath= "c:\Temp\certlist.csv"[string]$smtpSender= "no-reply@your-domain.com"[string]$smtpRecipient= "user@your-domain.com"[string]$smtpServer= "<fqdn of SMTP server>"[int]$daysUntilExpiry= 30 $expiringCerts= @() function Send-EmailCertNotice([string]$_certificateList) {$MailMessage= @{ To = $smtpRecipient From = $smtpSender Subject = @" The following issued digital certificates will expire soon. "@ Body = @" The following digital certificates issued by <your_company_name> will expire in the next ($daysUntilExpiry) days.Please request a certificate replacement/renewal from <e-mail@your-domain.com> if the following certificates are still needed.$_certificateList NOTE: This notification is being sent by an automated certificate management process andcannot receive reply e-mail. If you have any questions please contact <e-mail@your-domain.com>."@ Smtpserver = $smtpServer BodyAsHtml = $false ErrorAction = "SilentlyContinue" } Send-MailMessage@MailMessage } # export certs to CSV file certutil -view-config$caServerNamecsv > $caCertExportPath # load cert CSV into an array $issuedCerts= Import-Csv$caCertExportPathif ($issuedCerts.Length -gt0) { foreach($certin $issuedCerts) { try { $certExpires= [datetime]$cert."Certificate Expiration Date" $cert."Certificate Expiration Date"= $certExpires } catch [Exception] { } if ($certExpires-gt$(Get-Date) -and$certExpires-lt$(Get-Date).AddDays($daysUntilExpiry)) {# filter out EFS type certs. if ($cert."Certificate Template"-ne"EFS") { $expiringCerts+= $cert } } } $bodyVal= $expiringCerts| Select-Object@{n="Certificate ID"; e="Request ID"}, "Certificate Template","Certificate Expiration Date", "Issued Common Name", "Serial Number"
| Sort-Object"Certificate Expiration Date"| Out-String Send-EmailCertNotice$bodyVal