
How can I use PowerShell to find when an SSL certificate expires for ONLY IIS, for a list of servers from an OU?

I have this part of the code; if I can just get the script to return only the entries that have a Subject (which indicates an IIS certificate), then I can finish... (I have the OU enumeration and invoke part down, as well as the emailing of the file for the scheduled task): [Note: I set the expiry to 500 days so I can use the script later to find specific expiry dates] [Note 2: $day is set in my $profile to '$day = Get-Date -Format yyyyMMdd']

    $serverlist = $serverListpath.Name   # populated by the OU enumeration part (not shown)
    $c = 0                               # progress counter
    foreach($server in $serverlist){
        if($server -like '#*')
        {
            continue
        }

        $threshold = 500   #Number of days to look for expiring certificates
        $deadline = (Get-Date).AddDays($threshold)   #Set deadline date
        $p = ($c++ / $serverlist.Count) * 100
        Write-Progress -Activity "Checking $server" -Status "$p % completed" -PercentComplete $p
        if(Test-Connection -ComputerName $server -Count 2 -Quiet){
            #$server = "KnownIISServerHostname" #<-- to test with a hostname
            Invoke-Command -Verbose -ComputerName $server { Dir Cert:\LocalMachine\My } |
            foreach {
                # keep only certificates that expire on or before the deadline
                If ($_.NotAfter -le $deadline) { $_ }
            } |
            select PSComputerName, Subject, NotAfter, @{Label="Expires In (Days)";Expression={($_.NotAfter - (Get-Date)).Days}} |
            export-csv -Force -Append -Encoding ASCII -NoTypeInformation .\output\$day-ExpiringIISSSLCerts.csv
        }
    }

So where do I adjust it to get results only for entries that have a "Subject" field, and not get results with an empty Subject field (i.e. RDP certificates)?

Try using this:

    Import-Module WebAdministration
    $CertAll = Get-ChildItem -Path Cert:\LocalMachine\My
    $CertInUse = Get-ChildItem -Path IIS:\SslBindings
    # certificates present in both My and the IIS SSL bindings
    $CertSame = Compare-Object -ReferenceObject $CertAll -DifferenceObject $CertInUse -Property Thumbprint -IncludeEqual -ExcludeDifferent
    $CertSame | foreach { Get-ChildItem -Path Cert:\LocalMachine\My\$($_.Thumbprint) } | Select-Object -Property Subject, @{n='ExpireInDays';e={($_.NotAfter - (Get-Date)).Days}}

Since IIS certificates are the scope you care about, I'd recommend using the IIS PowerShell module to make sure you only pick up the certificates IIS is actually using.

The following should pull the certificates attached to sites using HTTPS (SSL). I don't currently have multiple sites on a single IIS server to test with, but in theory this should find all sites, not just the "Default Web Site".

    $serverlist = $serverListpath.Name   # populated by the OU enumeration part (not shown)
    $c = 0                               # progress counter
    foreach($server in $serverlist){
        if($server -like '#*')
        {
            continue
        }

        $threshold = 500   #Number of days to look for expiring certificates
        $deadline = (Get-Date).AddDays($threshold)   #Set deadline date
        $p = ($c++ / $serverlist.Count) * 100
        Write-Progress -Activity "Checking $server" -Status "$p % completed" -PercentComplete $p
        if(Test-Connection -ComputerName $server -Count 2 -Quiet){
            #$server = "KnownIISServerHostname" #<-- to test with a hostname
            #Pull certificates from existing IIS bindings
            $certificates = Invoke-Command -Verbose -ComputerName $server {
                Import-Module IISAdministration
                $sitebindings = Get-IISSite | foreach { Get-IISSiteBinding -Protocol HTTPS -Name $_.Name }
                $thumbprints = $sitebindings.Attributes | where { $_.Name -match "certificateHash" } | Select-Object -ExpandProperty Value
                $thumbprints | foreach { dir Cert:\LocalMachine\My\$_ }
            }
            $certificates |
            foreach {
                # keep only certificates that expire on or before the deadline
                If ($_.NotAfter -le $deadline) { $_ }
            } |
            select PSComputerName, Subject, NotAfter, @{Label="Expires In (Days)";Expression={($_.NotAfter - (Get-Date)).Days}} |
            export-csv -Force -Append -Encoding ASCII -NoTypeInformation .\output\$day-ExpiringIISSSLCerts.csv
        }
    }

# Complete local run script. Call it inside the foreach Invoke-Command.

    Import-Module WebAdministration   # needed for the IIS: drive
    $CertAll = GCI -Path Cert:\LocalMachine\My
    $CertInUse = (GCI IIS:\SslBindings)
    $CertSame = Compare-Object -ReferenceObject $CertAll -DifferenceObject $CertInUse -Property Thumbprint -IncludeEqual -ExcludeDifferent
    #$CertSame=Compare-Object -ReferenceObject $CertAll -Property ThumbPrint -IncludeEqual -ExcludeDifferent
    $CertSame | foreach { GCI -Path Cert:\LocalMachine\My\$($_.Thumbprint) } | Select-Object -Property Issuer, @{n='ExpireInDays';e={($_.NotAfter - (Get-Date)).Days}} -First 1

Thanks @bruce-zhang

Similar to @bruce-zhang's excellent answer, but it gets the certificates in use first and then retrieves only those from the appropriate certificate store (rather than only looking at the My certificate store):

    Import-Module WebAdministration
    $CertsInUse = Get-ChildItem -Path IIS:\SslBindings
    # each binding records the store (My, WebHosting, ...) that holds its certificate
    $CertsInUse | foreach { Get-ChildItem -Path Cert:\LocalMachine\$($_.Store)\$($_.Thumbprint) } | Select-Object -Property FriendlyName, Subject, @{n='ExpireInDays';e={($_.NotAfter - (Get-Date)).Days}}

Here is a more verbose foreach:

    Import-Module WebAdministration
    $CertsInUse = Get-ChildItem -Path IIS:\SslBindings
    $CertsDetails = @()
    foreach ($Cert in $CertsInUse) {
        $CertsDetails += Get-ChildItem -Path Cert:\LocalMachine\$($Cert.Store)\$($Cert.Thumbprint)
    }
    $CertsDetails | Select-Object -Property FriendlyName, Subject, @{n='ExpireInDays';e={($_.NotAfter - (Get-Date)).Days}}
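Combining bruce-zhang's binding lookup with the store-aware retrieval in this answer, here is an added example (not code from any answer in this thread) that runs the lookup on each server over WinRM and reports only the certificates actually bound to IIS HTTPS bindings that fall inside the expiry threshold. It assumes WinRM access with admin rights, the WebAdministration module on each target, and that IIS:\SslBindings items expose the IPAddress, Port, Host, Store, Sites and Thumbprint properties; the function name and parameter names are my own.

```powershell
# Added example, not code from any answer above. Reads IIS HTTPS bindings on
# each server, resolves each bound certificate in the store the binding names
# (My or WebHosting, not only My) and reports the ones inside the threshold.
# Assumptions: WinRM reachable with admin rights, WebAdministration installed
# on each target, and IIS:\SslBindings items having the IPAddress, Port, Host,
# Store, Sites and Thumbprint properties.
function Get-IisBoundCertExpiry {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$Threshold = 45   # days; 0 reports only already-expired certificates
    )
    $deadline = (Get-Date).AddDays($Threshold)

    # An unreachable host raises a non-terminating error and is skipped,
    # so one dead server does not stop the whole report.
    $bound = Invoke-Command -ComputerName $ComputerName -ErrorAction Continue -ScriptBlock {
        Import-Module WebAdministration
        foreach ($binding in (Get-ChildItem -Path IIS:\SslBindings)) {
            # A binding without a thumbprint has no certificate to check.
            if (-not $binding.Thumbprint) { continue }
            $store = if ($binding.Store) { $binding.Store } else { 'My' }
            $cert  = Get-Item -Path "Cert:\LocalMachine\$store\$($binding.Thumbprint)" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Server     = $env:COMPUTERNAME
                Binding    = '{0}:{1}:{2}' -f $binding.IPAddress, $binding.Port, $binding.Host
                Sites      = ($binding.Sites.Value -join ';')
                Store      = $store
                Thumbprint = $binding.Thumbprint
                Subject    = if ($cert) { $cert.Subject } else { '<bound thumbprint not found in store>' }
                NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
                DaysLeft   = if ($cert) { ($cert.NotAfter - (Get-Date)).Days } else { $null }
            }
        }
    }

    # Keep certificates at or past the deadline, plus bindings whose certificate
    # is missing from the store: those bindings fail TLS handshakes as well.
    $bound |
        Where-Object { $null -eq $_.NotAfter -or $_.NotAfter -le $deadline } |
        Select-Object Server, Binding, Sites, Store, Thumbprint, Subject, NotAfter, DaysLeft
}

# Usage: one CSV per run, in the same spirit as the question's Export-Csv line.
Get-IisBoundCertExpiry -ComputerName (Get-Content .\serverlist.txt) -Threshold 45 |
    Export-Csv -NoTypeInformation -Encoding ASCII ".\output\$(Get-Date -Format yyyyMMdd)-ExpiringIISSSLCerts.csv"
```

A negative DaysLeft means the certificate has already expired; an empty NotAfter means the binding points at a thumbprint that no longer exists in the named store.
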

    #checkCertExpDate-manual.ps1
    $day = Get-Date -Format yyyyMMdd
    $threshold = 5000   #Number of days to look for expiring certificates
    $deadline = (Get-Date).AddDays($threshold)   #Set deadline date
    Dir Cert:\LocalMachine\My | foreach {
        If ($_.NotAfter -le $deadline) { $_ | Select Issuer, Subject, NotAfter, @{Label="Expires In (Days)";Expression={($_.NotAfter - (Get-Date)).Days}} }
    }

Then you just grep for the name:

    .\checkCertExpDate-manual.ps1 | Select-String -Pattern "companyname"

Now I can set "$threshold" to whatever I want...

After I copy it to each server, I invoke it remotely and write the output to a log, which is then emailed to me automatically from a scheduled task every week.

    #D:\batch\checkCertExpDate.ps1
    $day = Get-Date -Format yyyyMMdd
    Set-Location d:\batch
    $serverlist = gc ".\serverlist.txt"
    foreach($server in $serverlist)
    {
        $threshold = 45   #Number of days to look for expiring certificates
        $deadline = (Get-Date).AddDays($threshold)   #Set deadline date
        Invoke-Command -ComputerName $server { Dir Cert:\LocalMachine\My } | foreach {
            If ($_.NotAfter -le $deadline) { $_ | Select Issuer, Subject, NotAfter, @{Label="Expires In (Days)";Expression={($_.NotAfter - (Get-Date)).Days}} }
        } | select -ExpandProperty Subject | out-file .\output\$day-ExpiringIISSSLCerts.txt -Encoding ascii -Append
    }
    # Start mail send
    $log = "d:\batch\output\$day-ExpiringIISSSLCerts.txt"
    if(Test-Path -Path $log){
        $smtpServer = "smtp.domain.com"
        $messageSubject = "Verify SSL Cert Check Report - " + $env:computername
        $message = New-Object System.Net.Mail.MailMessage
        $message.From = "authorizedaccount@domain.com"
        $message.To.Add("patrick.burwell@domain.com")
        $message.Subject = $messageSubject
        $message.IsBodyHTML = $true
        $message.Body = "<head><pre>$style</pre></head>"   # $style: optional CSS set elsewhere; empty if not defined
        $message.Body += "Cert Check Report - " + $env:computername
        $message.Body += Get-Date
        $message.Body += "<br><b>Expiring Non-Prod Verify SSL Certificates Report from " + $env:computername + "</b>"
        $message.Attachments.Add($log)
        $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
        $smtp.Send($message)
    }
    # echo the log to the console (Write-Host sends nothing down the pipeline, so format the content directly)
    $result = Get-Content $log
    $result | Format-Table
