AD Troubleshooting

AD and Domain-related issues and troubleshooting methods for Active Directory.

Quick inventory of all certificates expiring in the next XX days


A simple command line using Certutil to dump out all issued certificates on the server about to expire in the next 60 days:

certutil -view -restrict "NotAfter>now,NotAfter<=now+60,Disposition=20" -out RequestID,RequesterName,Request.CommonName,CommonName,UPN,NotBefore,NotAfter,SerialNumber,CertificateTemplate,CertificateHash

 

...creative uses: schedule a monthly task in the Windows Task Scheduler with two components: the first generates the list and pipes it to a file, and the second mails the text file generated by the first to a DL with your admins in it.

Bonus Points: Do it in PowerShell using Regular Expressions, string replacement and Format-Table to get a sleek output :)
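One way to take up the PowerShell suggestion, as an added example that is not from the original post: it runs the same certutil query with the `csv` output option, applies its own column headers, and builds objects for Format-Table. The function name `Get-ExpiringCertificate`, the `-CsvLines` parameter and the sample rows are assumptions made for illustration; the sample rows are constructed so the script also runs on a machine without a CA.

```powershell
# Added example, not from the original post. Lists issued certificates on the
# local CA that expire within $Days days, soonest first.
function Get-ExpiringCertificate {
    param(
        [int]$Days = 60,
        [string[]]$CsvLines   # hypothetical: pre-captured "certutil ... csv" output
    )
    # Column names from the post's command, reused as our own CSV headers so the
    # script does not depend on certutil's localized header row.
    $columns = 'RequestID,RequesterName,CommonName,NotAfter,SerialNumber,CertificateTemplate'
    if (-not $CsvLines) {
        $restrict = "NotAfter>now,NotAfter<=now+$Days,Disposition=20"
        $CsvLines = certutil -view -restrict $restrict -out $columns csv
        if ($LASTEXITCODE -ne 0) { throw "certutil failed: $($CsvLines -join ' ')" }
    }
    # Drop the header row and blank lines; nothing left means nothing is expiring.
    $rows = @($CsvLines | Select-Object -Skip 1 | Where-Object { $_ -match '\S' })
    if ($rows.Count -eq 0) { return }

    $rows | ConvertFrom-Csv -Header ($columns -split ',') | ForEach-Object {
        $expires = [datetime]::Parse($_.NotAfter)   # parsed with the current culture
        [pscustomobject]@{
            RequestID = $_.RequestID
            Requester = $_.RequesterName -replace '^.+\\', ''   # strip the DOMAIN\ prefix
            Subject   = $_.CommonName
            Expires   = $expires
            DaysLeft  = [int][math]::Floor(($expires - (Get-Date)).TotalDays)
            Serial    = $_.SerialNumber
            Template  = $_.CertificateTemplate
        }
    } | Sort-Object Expires
}

# Constructed sample rows (not real CA data), dated relative to today.
# The header text is illustrative only; the function skips it.
$soon  = (Get-Date).AddDays(12).ToString('g')
$later = (Get-Date).AddDays(45).ToString('g')
$sample = @(
    'RequestID,Requester,CommonName,NotAfter,SerialNumber,Template'
    ('7,"CONTOSO\svc-web","web01.contoso.example","{0}","6100000007aa","WebServer"' -f $later)
    ('9,"CONTOSO\jdoe","jdoe","{0}","6100000009bb","User"' -f $soon)
)
Get-ExpiringCertificate -CsvLines $sample | Format-Table -AutoSize
```

On the CA itself, call `Get-ExpiringCertificate -Days 60 | Format-Table -AutoSize` without `-CsvLines`, or pipe the objects to `Export-Csv` for the scheduled mail-out.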

Comments
  • Thanks, I have an immediate use for that.

    For extra bonus points double check when your web server SSL certificate is due to expire:

     curl -vIs https://www.example.com 2>&1 >/dev/null |  grep "expire date"
