
certutil dump - expiration date p12 - powershell

I am not really a programmer, but I am trying to fix a PowerShell script that would help me get the expiration date from a P12 certificate on file.

This is the command:

   C:\>certutil.exe -dump c:\1\p_CERT.p12
Certificates: Not Encrypted
================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: 03g3
Issuer: CN=COMPANY MY  CA v2, O=Company SL, C=GL
 NotBefore: 2012-06-20 11:47
 NotAfter: 2022-06-20 11:46
Subject: CN=COMPANY MY CA v2, O=Company SL, C=GL
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 1234124214214214214sdada122
----------------  End Nesting Level 1  ----------------
No key provider information
Cannot find the certificate and private key for decryption.

================ Certificate 1 ================
================ Begin Nesting Level 1 ================
Element 1:
Serial Number: 2100
Issuer: CN=COMPANY MY CA v2, O=Company SL, C=GL
 NotBefore: 2018-12-07 08:48
 NotAfter: 2020-12-07 08:48             
Subject: CN=private_CERT + SERIALNUMBER=445566778899, O=OTHER_Company, C=GL
Non-root Certificate
Cert Hash(sha1): 1234423hhhshshhshsh444423232
----------------  End Nesting Level 1  ----------------
  Key Container = PfxContainer
  Provider = PfxProvider
Encryption test FAILED
CertUtil: -dump command completed successfully.

The interesting part is the second one, the one with the SERIALNUMBER: the "NotAfter: 2020-12-07 08:48".

Using this one as a source of inspiration ( https://gist.github.com/banterCZ/9bd6aa1ab49995fdf018 ), thanks banterCZ, I tried the following. But it is not working, as the result is not the field "NotAfter". Any thoughts on how to get this part out, "NotAfter: 2020-12-07 08:48", with the script?

########################################################
#
#       Check certificates inside a p12 certificate file
#
########################################################

[CmdletBinding()]
Param(
    [Parameter(Mandatory=$True)]
    [string]$location,

    [Parameter(Mandatory=$True)]
    [int]$threshold
)

[System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"

$certutil="certutil.exe"
# Call certutil directly: Invoke-Expression would re-parse $location as PowerShell code.
$certificate = & $certutil -dump $location

foreach($line in $certificate){    
    if($line.Contains("Element 1:")){    
        $index = $line.Substring(0,20)
        write-host $index
        $dateAsString = $line | Select-String -Pattern 'NotAfter' | foreach {$_.groups[""].value}
        write-host $dateAsString
        #$expirationDate = [datetime]::parseexact($dateAsString,"ddd MMM dd HH:mm:ss yyyy",$null)
        break
    }
}

$now = ([System.DateTime]::Now)
$daysToExpire = [int]($expirationDate - $now).TotalDays

if ($threshold -lt $daysToExpire) {
    Write-Host "[OK] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
    exit 0
} elseif ($daysToExpire -lt 0) {
    Write-Host "[CRITICAL] Certificate $alias has already expired."
    exit 2
} else {
    Write-Host "[WARNING] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
    exit 1
}

Thanks!

Thanks to a good buddy, JI, this script is fixed. I hope it helps someone else out there.

It looks for the line with the SERIALNUMBER, saves the line before it to a variable, and so on.

########################################################
#
#       Check certificates inside a p12 file
#       J.I., banterCZ, trustbyte & stackoverflow
#
########################################################

[CmdletBinding()]
Param(
    [Parameter(Mandatory=$True)]
    [string]$location,

    [Parameter(Mandatory=$True)]
    [string]$certserial,

    [Parameter(Mandatory=$True)]
    [int]$warning,

    [Parameter(Mandatory=$True)]
    [int]$critical

)

[System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"

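$certutil="certutil.exe"
# Call certutil directly: Invoke-Expression would re-parse $location as PowerShell code.
$certificate = @(& $certutil -dump $location)

# Index of the first line matching $certserial (treated as a regex). In the dump this is
# the Subject line, and the NotAfter line sits directly above it.
$row = -1
for ($i = 0; $i -lt $certificate.Count; $i++) {
    if ($certificate[$i] -match $certserial) { $row = $i; break }
}
if ($row -lt 1) {
    # Exit code 3 is an assumed "unknown" status; the original script only used 0/1/2.
    Write-Host "[UNKNOWN] No line matching '$certserial' in the dump of '$location'."
    exit 3
}

# The variable holds the NotAfter value (it was misleadingly named $notbefore).
$notafter = $certificate[$row-1].ToString().Replace(" NotAfter: ","").Trim()
$now = (Get-Date).tostring("yyyy-MM-dd HH:mm")

$date1 = get-date $notafter
$date2 = get-date $now
$daysToExpire = [int]($date1-$date2).TotalDays


if ($daysToExpire -lt $critical) {
    Write-Host "[CRITICAL] Certificate '$location' expires in '$notafter' ($daysToExpire day(s) remaining)."
    exit 2
} elseif ($daysToExpire -lt $warning) {
    Write-Host "[WARNING] Certificate '$location' expires in '$notafter' ($daysToExpire day(s) remaining)."
    exit 1
} else {
    Write-Host "[OK] Certificate '$location' expires in '$notafter' ($daysToExpire day(s) remaining)"
    exit 0
}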
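
An alternative to counting lines back from the serial, as an added example that is not part of the original answer: it parses the dump into one object per certificate, so the expiry is selected by Subject rather than by line position. The function name ConvertFrom-CertutilDump is hypothetical, the sample is abridged from the dump shown in the question, and the yyyy-MM-dd HH:mm date format is assumed from that output.

```powershell
# Sample abridged from the question's output; in real use:
#   $lines = & certutil.exe -dump $location
$sample = @'
================ Certificate 0 ================
Serial Number: 03g3
Issuer: CN=COMPANY MY  CA v2, O=Company SL, C=GL
 NotBefore: 2012-06-20 11:47
 NotAfter: 2022-06-20 11:46
Subject: CN=COMPANY MY CA v2, O=Company SL, C=GL
================ Certificate 1 ================
Serial Number: 2100
Issuer: CN=COMPANY MY CA v2, O=Company SL, C=GL
 NotBefore: 2018-12-07 08:48
 NotAfter: 2020-12-07 08:48
Subject: CN=private_CERT + SERIALNUMBER=445566778899, O=OTHER_Company, C=GL
'@ -split "`r?`n"

function ConvertFrom-CertutilDump {   # hypothetical helper name
    param([string[]]$Lines)
    $inv  = [cultureinfo]::InvariantCulture
    $cert = $null
    foreach ($line in $Lines) {
        if ($line -match '^=+ Certificate (\d+) =+') {
            # A new certificate block starts: emit the previous one, if any.
            if ($null -ne $cert) { [pscustomobject]$cert }
            $cert = [ordered]@{ Index = [int]$Matches[1] }
        } elseif ($null -ne $cert -and
                  $line -match '^\s*(Serial Number|Subject|NotBefore|NotAfter):\s*(.+?)\s*$') {
            $name, $value = $Matches[1].Replace(' ', ''), $Matches[2]
            if ($name -like 'Not*') {
                # Assumed date format, taken from the dump in the question.
                $value = [datetime]::ParseExact($value, 'yyyy-MM-dd HH:mm', $inv)
            }
            $cert[$name] = $value
        }
    }
    if ($null -ne $cert) { [pscustomobject]$cert }   # emit the last block
}

$certs = ConvertFrom-CertutilDump -Lines $sample
# Select the certificate by its Subject instead of by its position in the text.
$leaf  = $certs | Where-Object { $_.Subject -match 'SERIALNUMBER=445566778899' }
$days  = [int]($leaf.NotAfter - (Get-Date)).TotalDays
'{0}: NotAfter {1:yyyy-MM-dd HH:mm}, {2} day(s) remaining' -f $leaf.Subject, $leaf.NotAfter, $days
```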
