How to check certificates expiration date using PowerShell

A best practice is having an automate process to check the certificates expiration date, let’s say 60 days before their expiration, in that way proactively you can start the process to request a new certificates, besides of your company request process this article will help you identify those certificates with expiration date before 60 days.

First things first, lets identify where the certificates are located. You can use this cmdlet in PowerShell to see how many containers you have:

PS C:\> Get-ChildItem -Path Cert:\*

At this point we will focus on the LocalMachine because in your servers the most important are the machine certificates.

 PS C:\> Get-ChildItem -Path Cert:\localmachine

As you can see in the list, we have the folder My, here we will find the certificates that we use for different applications, for example SQL, Exchange, Web, Skype for business, etc.

PS C:\> Get-ChildItem -Path Cert:\localmachine\my

And we get the list of certificates

You could use the Format-List option to see all details for these certificates as follow


As you can see in detail, we have the parameter NotAfter, this is the most important for us at this moment because it indicates the expiration date, so let’s get this information for these certificates.

PS C:\> Get-ChildItem -Path Cert:\localmachine\my | select NotAfter

With this line we will see only the expiration date for all certificates


Now let’s filter for the next 60 days using the Get-Date functions as follow

PS C:\> Get-ChildItem -Path Cert:\localmachine\my | ?{$_.NotAfter -lt (get-date).AddDays(60)}

If you remember, I had three certificates but only two have already expired or will expire.

If you want to see all details you can add the Format-List option at the end after a pipe “|”

PS C:\> Get-ChildItem -Path Cert:\localmachine\my | ?{$_.NotAfter -lt (get-date).AddDays(60)} | fl

From here you could automate this process and run every week and send the report to your team, also you can play with the different options to get only the expiration day, subject, Thumbprint, etc.

Thanks for reading

Invite me a beer!

Choose an amount

¤1.00
¤3.00
¤5.00

Your contribution is appreciated.

Donate

One thought on “How to check certificates expiration date using PowerShell”

  1. Pingback: New feature in M365 to avoid email flow issues on M365 – Tony Gonzalez

Leave a comment