Exchange Certificates

Anyone ever try monitoring an exchange certificate with an issuer of CN = Microsoft Exchange Server Auth Certificate.

I modified my script for certificates changing the issuer from our own CA to the one above but it doesn't read it, it says no certificates are expiring when the server shows one that goes on the 11th.

Here is the script in all its glory

$intThreshold = 30 # 730 days = 2 years
$dateDeadline = (Get-Date).AddDays($intThreshold)
$objStore = new-object System.Security.Cryptography.X509Certificates.X509Store("MY","LocalMachine")
$objStore.open("ReadOnly")
$count = 0
try {
$objStore.certificates | % {
If ($_.Issuer -like “CN = Microsoft Exchange Server Auth Certificate*”){

If ($_.NotAfter -lt $dateDeadline -and ($_.NotAfter - (Get-Date)).Days -gt 0) {
[int]$dateExpireDays = ($_.NotAfter - (Get-Date)).Days

If ($dateExpireDays -lt $intThreshold){
[string]$strSubject = $_.Subject
$ExpDate = ($_.NotAfter)
$CertSub = ($_.Subject)
Write-Host "Message.$count : Certificate $CertSub will expire within the next $intThreshold days on $ExpDate"
Write-Host "Statistic.$count : $dateExpireDays"
$count++
}
} else {
If (!$dateExpireDays){
[int]$dateExpireDays = ($_.NotAfter - (Get-Date)).Days
}

If($dateExpireDays){
[int]$dateExpireDaysNew = ($_.NotAfter - (Get-Date)).Days

If ($dateExpireDaysNew -lt $dateExpireDays){
If ($dateExpireDaysNew -gt 0){
$dateExpireDays = $dateExpireDaysNew
}
}
}
}
}
}
}
catch {
exit 2
}

if ($count -gt 0){
exit 3
} else {
If (!$dateExpireDays){
$dateExpireDays = 730
}
Write-Host "Message.$count : No Certificate Will Expire within next $intThreshold days."
Write-Host "Statistic.$count : $dateExpireDays"
exit 0
}
exit 0

any help is greatly appreciated.

Find more posts tagged with

sam

Accepted answers

All comments

raoof6784

It looks like the script might be missing certificates due to how the issuer name is being matched. Try adjusting the issuer comparison line to handle potential formatting issues more robustly. Here's an updated version of your script:

$intThreshold = 30 # 730 days = 2 years
$dateDeadline = (Get-Date).AddDays($intThreshold)
$objStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("MY", "LocalMachine")
$objStore.open("ReadOnly")
$count = 0
try {
$objStore.certificates | ForEach-Object {
If ($_.Issuer -like "*CN=Microsoft Exchange Server Auth Certificate*") {
If ($_.NotAfter -lt $dateDeadline -and ($_.NotAfter - (Get-Date)).Days -gt 0) {
[int]$dateExpireDays = ($_.NotAfter - (Get-Date)).Days

If ($dateExpireDays -lt $intThreshold) {
[string]$strSubject = $_.Subject
$ExpDate = ($_.NotAfter)
$CertSub = ($_.Subject)
Write-Host "Message.$count : Certificate $CertSub will expire within the next $intThreshold days on $ExpDate"
Write-Host "Statistic.$count : $dateExpireDays"
$count++
}
} else {
If (!$dateExpireDays) {
[int]$dateExpireDays = ($_.NotAfter - (Get-Date)).Days
}

If ($dateExpireDays) {
[int]$dateExpireDaysNew = ($_.NotAfter - (Get-Date)).Days

If ($dateExpireDaysNew -lt $dateExpireDays) {
If ($dateExpireDaysNew -gt 0) {
$dateExpireDays = $dateExpireDaysNew
}
}
}
}
}
}
}
catch {
exit 2
}

if ($count -gt 0) {
exit 3
} else {
If (!$dateExpireDays) {
$dateExpireDays = 730
}
Write-Host "Message.$count : No Certificate Will Expire within next $intThreshold days."
Write-Host "Statistic.$count : $dateExpireDays"
exit 0
}
exit 0

This should help match the issuer name correctly and catch any certificates that are expiring. Let me know if this resolves the issue! addrom bypass