site1.erralert.com


Local certificate expiry powershell

Walks the LocalMachine\My cert store and reports the soonest-to-expire certificate. Catches internal-only certs (IIS, RDS, services) that public-internet SSL checks cannot see.

Placeholders only. Before running, replace YOUR_URL with your capture endpoint's POST URL. (Open this page from your capture object to have these auto-filled.)

# cert-expiry.ps1 — soonest expiring cert in LocalMachine\My.

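$Url   = "YOUR_URL/certs"
# @() keeps $Certs an array even when the store holds zero or one certificate.
$Certs = @(Get-ChildItem Cert:\LocalMachine\My -ErrorAction SilentlyContinue)

if ($Certs.Count -gt 0) {
  # Earliest NotAfter first; an already-expired cert yields a negative day count.
  $Soonest = $Certs | Sort-Object NotAfter | Select-Object -First 1
  # Round down: an [int] cast rounds to nearest, so 29.6 days would report as 30.
  $DaysLeft = [int][math]::Floor(($Soonest.NotAfter - (Get-Date)).TotalDays)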
  $Body = (@{
    hostname           = $env:COMPUTERNAME
    cert_count         = $Certs.Count
    soonest_subject    = $Soonest.Subject
    soonest_thumbprint = $Soonest.Thumbprint
    soonest_not_after  = $Soonest.NotAfter.ToString("o")
    soonest_days_left  = $DaysLeft
  }) | ConvertTo-Json -Compress
} else {
  $Body = (@{
    hostname           = $env:COMPUTERNAME
    cert_count         = 0
    soonest_days_left  = 999999
  }) | ConvertTo-Json -Compress
}

Invoke-RestMethod -Uri $Url -Method Post -Body $Body `
  -ContentType "application/json" -TimeoutSec 15 | Out-Null

Recommended pairing

Add a capture.value check to this capture object.
json_path = soonest_days_left, op = <, threshold = 30.
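
An expired certificate left in the store sorts first, so the script above keeps reporting it and the next certificate to expire stays hidden. The following added example (not the site's own script) separates expired certificates from upcoming ones and lists everything under the 30-day threshold; the function name and the expired_count and expiring fields are assumptions, not part of the capture service's payload.

```powershell
# Added example. Get-CertExpirySummary, expired_count and expiring are
# hypothetical names chosen for illustration.
function Get-CertExpirySummary {
  param(
    [object[]]$Certs,              # objects exposing Subject, Thumbprint, NotAfter
    [datetime]$Now = (Get-Date),
    [int]$WarnDays = 30            # same threshold as the recommended check
  )
  $Certs   = @($Certs | Where-Object { $_ })                  # drop nulls
  $Expired = @($Certs | Where-Object { $_.NotAfter -le $Now })
  $Valid   = @($Certs | Where-Object { $_.NotAfter -gt $Now } | Sort-Object NotAfter)

  $Summary = [ordered]@{
    hostname          = $env:COMPUTERNAME
    cert_count        = $Certs.Count
    expired_count     = $Expired.Count
    soonest_days_left = 999999     # same sentinel the page's script uses for an empty store
    expiring          = @()
  }
  if ($Valid.Count -gt 0) {
    # Days until the next certificate that is still valid, rounded down.
    $Summary.soonest_days_left = [int][math]::Floor(($Valid[0].NotAfter - $Now).TotalDays)
    # Every still-valid certificate inside the warning window, soonest first.
    $Summary.expiring = @($Valid |
      Where-Object { ($_.NotAfter - $Now).TotalDays -lt $WarnDays } |
      ForEach-Object {
        [ordered]@{
          subject    = $_.Subject
          thumbprint = $_.Thumbprint
          days_left  = [int][math]::Floor(($_.NotAfter - $Now).TotalDays)
        }
      })
  }
  $Summary
}

# Constructed sample data (not real certificates). On a host, pass
# (Get-ChildItem Cert:\LocalMachine\My) instead.
$Now = Get-Date '2024-06-01T00:00:00'
$Sample = @(
  [pscustomobject]@{ Subject = 'CN=old-rds';  Thumbprint = 'AAAA'; NotAfter = $Now.AddDays(-400) }
  [pscustomobject]@{ Subject = 'CN=iis-app';  Thumbprint = 'BBBB'; NotAfter = $Now.AddDays(12.5) }
  [pscustomobject]@{ Subject = 'CN=svc-auth'; Thumbprint = 'CCCC'; NotAfter = $Now.AddDays(200) }
)
Get-CertExpirySummary -Certs $Sample -Now $Now | ConvertTo-Json -Depth 3
```

With this split, soonest_days_left no longer goes negative, so expired certificates need their own check on expired_count.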

What is the filename?

cert-expiry.ps1 — this is the suggested name for the downloaded file. Rename freely if you prefer.