Anybody using IEM/TEM to find Expired Certs?

(imported topic written by Tim.Rice)

I’ve been asked if IEM can track/find Security Certificates that are either expired or that are about to expire.

I would think it appropriate to simply locate all Certificates and associate their Expiration dates with them.

Microsoft TechNet has an article about how to “Use PowerShell to Find Certificates that are About to Expire”.

Has anyone done anything similar before?

(imported comment written by jgstew)

I’ve been wondering about the best way to get at the info in certs through relevance. I was trying to track down a WMI query that would do this. The info is in the registry, but it is not easy to decode.

I would prefer a way to query the info using relevance, but even if a task could be run to dump out the data periodically and then read the results in with an analysis, it would be something.

written by Tim.Rice

One of our guys here has written a PowerShell script that will identify any Certs that are going to expire within a given period of time, or that have already expired, the script then exports the Cert information to a text file. From IEM I should then be able to execute the PS script as a Task and identify if the file exists with data in it and return a TRUE value letting us know that someone needs to touch the machine and decide what to do with the expired/expiring Certs.

If we get it working, I’ll try to post the code up on BigFix.me
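As an added illustration of the approach described above (this is not the script from the thread, and the output path, the 30-day window and the report layout are my own assumptions), here is one way to enumerate the Windows certificate stores, flag certificates that are expired or expire within a given window, and write them to a text file that an IEM task can produce and an analysis can check:

```powershell
# Added example, not the original poster's script. Lists certificates in every
# store under Cert:\ that are expired or expire within $DaysAhead days and
# writes them to $OutFile. Both defaults are assumptions; adjust to your site.
param(
    [int]$DaysAhead = 30,
    [string]$OutFile = "$env:ProgramData\ExpiringCerts.txt"
)

$now    = Get-Date
$cutoff = $now.AddDays($DaysAhead)

# Cert:\ -Recurse returns both store objects and certificate objects; keep only
# the certificates. Inaccessible stores are skipped rather than aborting the run.
$certs = Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Where-Object { $_.NotAfter -le $cutoff }

$report = foreach ($c in $certs) {
    [PSCustomObject]@{
        Status     = if ($c.NotAfter -lt $now) { 'EXPIRED' } else { 'EXPIRING' }
        Store      = $c.PSParentPath -replace '^.*::', ''   # e.g. LocalMachine\My
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter.ToString('yyyy-MM-dd')
        DaysLeft   = [int]($c.NotAfter - $now).TotalDays   # negative when expired
    }
}

# Delete any stale report first so "file exists and is non-empty" is a reliable
# signal for the analysis; only write a file when something was found.
if (Test-Path $OutFile) { Remove-Item $OutFile -Force }

if ($report) {
    $report | Sort-Object NotAfter |
        Format-Table -AutoSize | Out-String -Width 200 |
        Set-Content -Path $OutFile
}
```

An analysis property can then return `exists file "C:\ProgramData\ExpiringCerts.txt" whose (size of it > 0)` (using whatever path you chose) so that machines with expired or expiring certificates show up as TRUE.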

written by jgstew

Thanks, that would be very helpful.

written by AlanM

There are some limited inspectors that could use some expansion; they only show the "invalid before" date, not "invalid after". These also have limited scope, as they only work on files.

http://support.bigfix.com/inspectors/Authorization%20Objects_Any.html#x509%20certificate

written by jgstew

An inspector that would read the cert info in the registry would be useful. I suppose I need to file an RFE.

written by LBowser

Any news on finding expired certs and is there a way to do this on unix systems?