• 7
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Extract Certificate Information automatically

In my current setting I have 16 production servers and another 16 to 20 on Dev and QA servers. I also have a lot of certificates in them. We are trying to inventory everything so that we dont miss out on any certificate expiration alerts (we had that happen on production and it made a good amount of impact to the business).

I can go to MMC and right click on each node and export the list, but this is way too time consuming for 40+ machines. Is there a way to get this done automatically? Any scripts or tools to do so?

Thanks,

RV

It's possible this question will get moved onto another StackExchange site, but I'll supply an answer nonetheless.

Little bit of PowerShell magic should make this fairly simple. PowerShell can navigate the certificate store as if it were any other drive (like navigating the file system.)

To list all certificates on the system:

Get-ChildItem -Path Cert:\ -Recurse

If you only want the certs installed as the Current user, just change the 'directory':

Get-ChildItem -Path Cert:\CurrentUser -Recurse

(Note that the above commands return the 'folder' name followed by all the contained certs, which depending on what you're doing it could get messy.)

I assume from your question that you're only really worried about SSL Server Authentication Certs, so you can specifically get only those (and limit the output to only show the Subject, Path and Expiry of the Certs):

Get-ChildItem -Path Cert:\ -Recurse -SSLServerAuthentication | Select Subject, PSParentPath, NotAfter

You can then look at things like exporting the list to a CSV file (or database or whatever other method you want to use to collect them) and then onto running these on the remote servers from one central workstation and collect all the info locally.

  • 0
Reply Report

Trending Tags