This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 88%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hello! I'm trying to figure out how to display when SSL certificates expire. Currently, I have the following code (which was provided to me by a colleague) and I want to know how to display the certificate's expiration date. If possible I would also like to know if there is a way to display certificates that expire in a certain time frame (i.e. show SSL certificates expiring between June 1st to July 1st, or sho certificates that only expire on June 25th). Thank you so much for your help in advance!
# Get a list of certs
dir Cert:\LocalMachine\My
# Grab the thumbprint for the cert we want to use
$certHash = "D3A6E7B1746DFA37D4B93263AAA1348A2BA41720"
# Get the AppID for the existing app on the interface
netsh http show sslcert
$guid = "5d8e2743-ef20-4d38-8751-7e400f200e65"
$ip = "0.0.0.0" # This means all IP addresses
$port = "443" # the default HTTPS port
#"http update sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Hi @Jess13777 ,
There's a property about certificate called NotAfter. You can get expire date from NotAfter and start date from NotBefore. So as @Rich Matheisen provided, his powershell script can get expire date. You can try it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
You can use this as a starting point for checking the explicit dates, or range of cert expiration dates, in a script:
$certHash = "D3A6E7B1746DFA37D4B93263AAA1348A2BA41720"
Get-ChildItem -Path cert:\LocalMachine\My -Recurse |
Where-Object {$_.Thumbprint -eq $cert} |
Select-Object NotAfter
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 77%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Hi Ritchie,
Note:My requirement is i want to get only expiration certificate details using powershell command.kinldy help us ASAP.
$certHash what does meant?
I gave this command below then i am not getting any output.
Get-ChildItem -Path cert:\LocalMachine\My -Recurse |
Where-Object {$_.Thumbprint -eq $cert} |
Select-Object NotAfter
In your original question, you said "how to display when SSL certificates expire". You provided some sample code and, in that code you showed the thumbprint of a single certificate.
A thumbprint is a calculated value that uniquely identifies a single certificate and is usually referred to as a "hash value".
The code sample I provided used the thumbprint value you provided and placed it into a variable named $certHash (for "Certificate Hash). I didn't want to use a variable named "$thumbprint" because it might be confused with the certificate property named "Thumbprint".
If my code finds the certificate with the thumbprint you provided it then displays the certificate's expiration date. The code doesn't compare the expiry date against anything because you didn't specify if you wanted to look only for already expired certificates or for certificates that will expire in the next "X" days.
@Venkadesh It works if you change the variable from $cert to $certHash, see my edit to the original below:
$certHash = "D3A6E7B1746DFA37D4B93263AAA1348A2BA41720"
Get-ChildItem -Path cert:\LocalMachine\My -Recurse |
Where-Object {$_.Thumbprint -eq $certHash} |
Select-Object NotAfter
Hi there,
To find certificates that will expire in the next 30 days on all domain servers, use this PowerShell script:
$servers= (Get-ADComputer -LDAPFilter "(&(objectCategory=computer)(operatingSystem=Windows Server*) (!serviceprincipalname=MSClusterVirtualServer) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))").Name
$result=@()
foreach ($server in $servers)
{
$ErrorActionPreference="SilentlyContinue"
$getcert=Invoke-Command -ComputerName $server { Get-ChildItem -Path Cert:\LocalMachine\My -Recurse -ExpiringInDays 30}
foreach ($cert in $getcert) {
$result+=New-Object -TypeName PSObject -Property ([ordered]@{
'Server'=$server;
'Certificate'=$cert.Issuer;
'Expires'=$cert.NotAfter
})
}
}
Write-Output $result
------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–
Hi,
how do i get only expiration certification details in local server using powershell script.i want to get certificate details on or before 08-Aug-2022
for ex.today date is 08-Aug-2022.
Next scanerios: I want to send e mail notification from each server via smtp.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 23%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
I tried this script, and it shows all certificates that are tied to IIS websites.