So I needed a script that I could run as a scheduled task that would alert me if there were any certificates that were due to expire soon from our servers. Some of our web servers will need their certificates renewing in the future that can’t be auto-renewed so thought this was the best time to put something in place to automatically alert the team when a certificate is due to expire and so action can be made ahead of time instead of when it happens.

I adapted my script  from the following blog article here, found that the script was buggy and would stall if a server was offline or if there was an issue with invoking the command remotely so I had introduced an if statement first to check if a server was online and to output the result to the console if so and to also turn the invoke command into a job and introduce a timeout so if for any issues the command block can’t be executed the script won’t hang and get stuck, it can just timeout. Lastly, I turned the object array into a string and did a check to see if the string was empty, null or had whitespaces and to do nothing if so and if the string has a value then the script will send an email with the certificates that are set to expire.

$servers= Get-ADComputer -Filter * -Searchbase "OU=Contoso Servers,OU=Contoso Computers,DC=contoso,DC=local" | Select-Object -Expandproperty Name

[email protected]()
 
foreach ($i in $servers)
 


{

$ErrorActionPreference="SilentlyContinue"

if (Test-Connection -ComputerName $i -Count 1 -Quiet)
    {
    Write-Host "$i is online"
        $a=Invoke-Command -ComputerName $i {Get-ChildItem Cert:\LocalMachine\My -Recurse |Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and $_.NotAfter -gt (Get-Date) -and $_.NotAfter -lt (Get-Date).AddDays(14)}} -erroraction $ErrorActionPreference
     

    } else {

        Write-Host "$i is offline"
    }
 



 
foreach ($c in $a) {
 
$result+=New-Object -TypeName PSObject -Property ([ordered]@{
'Server'=$i;
'Certificate'=$c.Issuer;
'Expires'=$c.NotAfter
})

}
}

$smtpServer = "IP address or dns name of mail server"
$from = "[email protected]"
$subject = "Alert: Certificate Expiry Notification"
$reportTo = "[email protected]"
 

$body = $result | Format-Table -HideTableHeaders | Out-String -Width 1000



IF([string]::IsNullOrWhiteSpace($body))
{Write-Host "No Certificates set to expire"}

else

{ 
Send-MailMessage -smtpServer $smtpServer -from $from -to $reportTo -subject $subject -body "This is a notification to inform that the following certificates will expire soon: $body" -priority High -ErrorAction SilentlyContinue 
 
}


One Comment

  • Howdy,

    Must say your website looks quite ok. Good job.
    However, if you want your website to be really successful, then make sure you use the best tools to optimize your online content.
    Otherwise it won’t be on the top of Google search results and no-one will know about it. I’m sure you didn’t create this website to just be online, but to attract new people/customers.

    Few months ago my friend convinced me to use tools from below article and I have to say it helped me soo much:
    https://janzac.com/resources/

    I hope it will help you as well.
    Keep up the good work and you will eventually build a big online business.
    //Lucy

Leave a Reply

Your email address will not be published. Required fields are marked *