Jan 252016

Little powershell script that checks the expiration date of a ssl certficate that is not added in local certificate store. We are using this script in an scheduled task to get an Warning-mail 30 days before the certficate expires.


# Checks the validation of a certificate 
# if the certificate expires in the next *DaysToExpiration*, an email is sent 
# to System Operations Team to inform them that they should order a new Certificate
# author: philipp.boss
# Version: 0.1  (2016-01-25)

$DaysToExpiration = 30  #notify 30 days before certificate is expired
$certFile = "D:\SSL_certs_for_filezilla\server.crt" 
# Receivers of the information message (Operations Team)
$to = @("email1@mail.com",  "email2@mail.com")
$smtpHost = "my-smtp-host.com"
$from = "userX@mail.com"  # this is the senders email address 

# check if file exists, otherwise send an email to Operations team to inform them that
# the configuration is wrong
If (Test-Path $certFile){
    $expirationDate = (Get-Date).AddDays($DaysToExpiration)

    # The certutil tool displays all information of a certificate
    # with select-string we filter for the end date of validation
    $dumpOutput = certutil.exe -dump $certFile | Select-String -Pattern ("NotAfter")
    $certificateEndDate = [datetime]::Parse( $dumpOutput.toString().Substring(11) )
    "Certificate is valid to:" 
    $expiresIn = $certificateEndDate.Subtract((Get-Date)).Days

    # check if certificate will expire in the next days (see variable DaysToExpiration)
    if ($certificateEndDate  -lt $expirationDate) {
        $expiresIn = $expiresIn = $certificateEndDate.Subtract((Get-Date)).Days
        $subject = "SSL Certificate on CADWorker Server $env:computername expires in $expiresIn"
        $body = "The SSL Certificate for FileZilla Server on Instance $env:computername will be " +
                "<b> invalid in $expiresIn days. </b><br><br>Please order a new SSL Certificate for " + 
                "$env:computername . <br><br>This Message was sent by a Scheduled Task."
        Send-MailMessage -To $to -Subject $subject -Body $body -SmtpServer $smtpHost -From $from -BodyAsHtml
     } else {
        "Zertifikat ist noch $expiresIn Tage gültig"

}else{  # Certificate file was not found, so I will send an Error-Mail to operations team 
    $subject = "SSL Certificate on CADWorker Server $env:computername was not found by scheduled task"
    $body = "The SSL Certificate for FileZilla Server on $env:computername that should be checked by " +
            "the checkCertificate Script (Scheduled Task) was not found.<br><br>Maybe the certFile " +
            "Parameter in the Script is not correct or the certificate was moved to another location." +
            "<br>The location where the scripts expects the certificate is: <br><b> $certFile </b>"
    Send-MailMessage -To $to -Subject $subject -Body $body -SmtpServer $smtpHost -From $from -BodyAsHtml

Sorry, the comment form is closed at this time.