Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.
A simple command line using Certutil to dump out all issued certificates on the server about to expire in the next 60 days:
certutil -view -restrict "NotAfter>now,NotAfter<=now+60,Disposition=20" -out RequestID,RequesterName,Request.CommonName,CommonName,UPN,NotBefore,NotAfter,SerialNumber,CertificateTemplate,CertificateHash
...creative uses: Schedule a monthly task in the Windows Task Scheduler with two Components; the first to generate the list and pipe it to a file and the second to mail the text file generated by the 1st part to a DL with your admins in it.
Bonus Points: Do it in Powershell using Regular Expressions, string replacement and Format-Table to get a sleek ouput :)
Thanks, I have an immediate use for that.
For extra bonus points double check when your web server SSL certificate is due to expire:
curl -vIs https://www.example.com 2>&1 >/dev/null | grep "expire date"