You can use this as a starting point for checking the explicit dates, or range of cert expiration dates, in a script:
$certHash = "D3A6E7B1746DFA37D4B93263AAA1348A2BA41720"
Get-ChildItem -Path cert:\LocalMachine\My -Recurse |
Where-Object {$_.Thumbprint -eq $cert} |
Select-Object NotAfter
You can use this as a starting point for checking the explicit dates, or range of cert expiration dates, in a script:
$certHash = "D3A6E7B1746DFA37D4B93263AAA1348A2BA41720"
Get-ChildItem -Path cert:\LocalMachine\My -Recurse |
Where-Object {$_.Thumbprint -eq $cert} |
Select-Object NotAfter
Hi there,
To find certificates that will expire in the next 30 days on all domain servers, use this PowerShell script:
$servers= (Get-ADComputer -LDAPFilter "(&(objectCategory=computer)(operatingSystem=Windows Server*) (!serviceprincipalname=MSClusterVirtualServer) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))").Name
$result=@()
foreach ($server in $servers)
{
$ErrorActionPreference="SilentlyContinue"
$getcert=Invoke-Command -ComputerName $server { Get-ChildItem -Path Cert:\LocalMachine\My -Recurse -ExpiringInDays 30}
foreach ($cert in $getcert) {
$result+=New-Object -TypeName PSObject -Property ([ordered]@{
'Server'=$server;
'Certificate'=$cert.Issuer;
'Expires'=$cert.NotAfter
})
}
}
Write-Output $result
------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–
How do I check when my SSL certificate expires?
How do I check SSL certificate details?
How do I check if my SSL certificate is valid?
Get-ChildItem cert:\LocalMachine\My will list all of the machine certificates installed.
to do the same to a remote server, use remoting:
Invoke-Command -ComputerName $servername -ScriptBlock {Get-ChildItem cert:\LocalMachine\My}
or all of your servers:
$certs = Get-ADComputer -SearchBase 'ou=servers,dc=something,dc=com' -filter *
| % { Invoke-Command -ComputerName $_.name -ScriptBlock
{ Get-ChildItem cert:\LocalMachine\my }
}'
easiest way to do this would be with a simple curl of the website using the following flags:
curl -ILv https://yourdomainhere.com
in the output, you'll find an expire string "expire date" that looks something like this:
* expire date: 2016-05-19 20:59:53 GMT
use pycurl to get this to work, ingest it as a string, then pull out the relevant data. OR, you could use the following python script for *nix boxes to test from (it's a bit rough and could use tweaking to accept all hosts/domains to check):
import os
os.system("echo|openssl s_client -connect mydomain.com:443 | openssl x509 -noout -dates > ~/testfile.txt")
I know this is an old one, but thought I would answer anyway.
Your syntax is mostly correct:
openssl s_client -showcerts -servername example.com -connect example.com:443 | openssl x509 -noout -dates
the -servername is what you need for OpenSSL to do an SNI request.
EDIT: I should also note that if all you want to know is when the cert is expiring, just toss a grep at the end of that:
... | grep '^notAfter'
You can also check that using CURL in verbose mode by the header
curl -vIk https://www.stackoverflow.com
And just look for Server certificate: You'll see the expiring date right bellow it
UPDATE
According to @harlandgomez over the comment section, shortly, we can do:
curl https://www.stackoverflow.com -vk 2>&1 | grep 'expire '