Little PowerShell script that checks the expiration date of an SSL certificate that is not in the local certificate store. We use this script in a scheduled task to get a warning mail 30 days before the certificate expires.
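# Checks the validity period of a certificate file.
# If the certificate expires within the next $DaysToExpiration days, an email is sent
# to the System Operations Team to inform them that they should order a new certificate.
# If the file is missing, or cannot be read as a certificate, an error mail is sent
# instead, so that a broken check does not stay unnoticed until the certificate expires.
# author: philipp.boss
# Version: 0.1 (2016-01-25)

$DaysToExpiration = 30   # notify 30 days before certificate is expired
$certFile = "D:\SSL_certs_for_filezilla\server.crt"

# Receivers of the information message (Operations Team)
$to = @("email1@mail.com", "email2@mail.com")
$smtpHost = "my-smtp-host.com"
$from = "userX@mail.com"   # this is the sender's email address

# NOTE(review): Send-MailMessage is called without -UseSsl or -Credential, so the
# notification goes to $smtpHost unencrypted and unauthenticated. Add those parameters
# if the relay supports them; they are left out here to keep the original delivery path.

# Check if the file exists, otherwise send an email to the Operations team to inform
# them that the configuration is wrong.
if (Test-Path $certFile) {
    $now = Get-Date
    $expirationDate = $now.AddDays($DaysToExpiration)

    # Read NotAfter from the parsed certificate instead of cutting it out of certutil's
    # text dump at a fixed offset: that layout may vary with Windows language and version,
    # and a failed parse previously ended the run without any mail being sent.
    $certificateEndDate = $null
    try {
        $certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
                                  -ArgumentList $certFile -ErrorAction Stop
        $certificateEndDate = $certificate.NotAfter
    }
    catch {
        # Keep the technical reason in the task output; the mail only names the file.
        Write-Warning "Could not read certificate '$certFile': $($_.Exception.Message)"
    }

    if ($null -eq $certificateEndDate) {
        # The file exists but is not a readable certificate: alert instead of failing silently.
        $subject = "SSL Certificate on CADWorker Server $env:computername could not be read by scheduled task"
        $body = "The SSL Certificate for FileZilla Server on $env:computername that should be checked by " +
                "the checkCertificate Script (Scheduled Task) could not be read.<br><br>" +
                "The file exists but could not be parsed as a certificate, so its expiration date is unknown." +
                "<br>The file that was checked is: <br><b> $certFile </b>"

        Send-MailMessage -To $to -Subject $subject -Body $body -SmtpServer $smtpHost -From $from -BodyAsHtml
    }
    else {
        "Certificate is valid to:"
        $certificateEndDate.ToString("dd.MM.yyyy")

        # Whole days left; negative once the certificate has already expired.
        $expiresIn = $certificateEndDate.Subtract($now).Days
        $expiresIn

        # Check if the certificate will expire in the next days (see variable DaysToExpiration)
        if ($certificateEndDate -lt $expirationDate) {
            $subject = "SSL Certificate on CADWorker Server $env:computername expires in $expiresIn"
            $body = "The SSL Certificate for FileZilla Server on Instance $env:computername will be " +
                    "<b> invalid in $expiresIn days. </b><br><br>Please order a new SSL Certificate for " +
                    "$env:computername . <br><br>This Message was sent by a Scheduled Task."

            Send-MailMessage -To $to -Subject $subject -Body $body -SmtpServer $smtpHost -From $from -BodyAsHtml
        }
        else {
            "Zertifikat ist noch $expiresIn Tage gültig"
        }
    }
}
else {
    # Certificate file was not found, so send an error mail to the operations team
    $subject = "SSL Certificate on CADWorker Server $env:computername was not found by scheduled task"
    $body = "The SSL Certificate for FileZilla Server on $env:computername that should be checked by " +
            "the checkCertificate Script (Scheduled Task) was not found.<br><br>Maybe the certFile " +
            "Parameter in the Script is not correct or the certificate was moved to another location." +
            "<br>The location where the scripts expects the certificate is: <br><b> $certFile </b>"

    Send-MailMessage -To $to -Subject $subject -Body $body -SmtpServer $smtpHost -From $from -BodyAsHtml
}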