I have taken the ever popular certificate monitor and attempted to modify it What I am looking to do is look for a certain issuer and alert when only those certificates reach ## number of days before expiration.
It worked for some servers but for others it sits there and yields a status of nothing that is expiring.
Here is my script. (this is run locally in SW. Some of the servers are agent monitored and the others are wmi.
$intThreshold = 60 # 730 days = 2 years
$dateDeadline = (Get-Date).AddDays($intThreshold)
$objStore = new-object System.Security.Cryptography.X509Certificates.X509Store("MY","LocalMachine")
$objStore.open("ReadOnly")
$count = 0
try {
$objStore.certificates | % {
If ($_.Issuer -like “CN=UH S CA *, DC=uhhs, DC=com”){
If ($_.NotAfter -lt $dateDeadline -and ($_.NotAfter - (Get-Date)).Days -gt 0) {
[int]$dateExpireDays = ($_.NotAfter - (Get-Date)).Days
If ($dateExpireDays -lt $intThreshold){
[string]$strSubject = $_.Subject
$ExpDate = ($_.NotAfter)
$CertSub = ($_.Subject)
Write-Host "Message.$count : Certificate $CertSub will expire within the next $intThreshold days on $ExpDate"
Write-Host "Statistic.$count : $dateExpireDays"
$count++
}
} else {
If (!$dateExpireDays){
[int]$dateExpireDays = ($_.NotAfter - (Get-Date)).Days
}
If($dateExpireDays){
[int]$dateExpireDaysNew = ($_.NotAfter - (Get-Date)).Days
If ($dateExpireDaysNew -lt $dateExpireDays){
If ($dateExpireDaysNew -gt 0){
$dateExpireDays = $dateExpireDaysNew
}
}
}
}
}
}
}
catch {
exit 2
}
if ($count -gt 0){
exit 3
} else {
If (!$dateExpireDays){
$dateExpireDays = 730
}
Write-Host "Message.$count : No Certificate Will Expire within next $intThreshold days."
Write-Host "Statistic.$count : $dateExpireDays"
exit 0
}
exit 0
-----------------------------
Anyone with any kind of sort of ideas, I would love to hear them.
