Check-SSL
Q: How to monitor whether an SSL certificate's expiration date is approaching?
A: We can wait for the alert email from the SSL certificate provider. And -WhatIf! Yes, what if the registered email address no longer exists, or for any reason you don’t receive the alert? And what about one of my main rules: if you want it done right, you’ve got to do it yourself!?
So let’s do it ourselves! There are many examples of how to check an SSL certificate’s validity, and especially its expiration date. But most of them check the certificate store through the PS-drive ‘CERT:\’; that could be good enough, but it’s not the way I wanted… I want to get the certificate(s) from a central monitoring server through a web request.
Ok, here we are:
<#
.SYNOPSIS
Check-SSL.ps1 - Gets SSL certificate expiration date
.DESCRIPTION
Check-SSL.ps1 - Gets SSL certificate expiration date and sends an email alert if a defined threshold is exceeded.
.PARAMETER WebsiteURL
Defines the URL of the SSL certificate to check
Mandatory parameter
No default value.
.PARAMETER WebsitePort
Defines the website port of the SSL certificate to check
Default is 443.
.PARAMETER CommonName
Defines the CommonName (CN) of the SSL certificate to check
Default is the value of the WebsiteURL parameter.
.PARAMETER Threshold
Defines the threshold (in days). If the SSL certificate expires in fewer days than the threshold, an email alert is sent.
Default is 15.
.NOTES
File Name : Check-SSL.ps1
Author : Fabrice ZERROUKI - fabricezerrouki@hotmail.com
.EXAMPLE
PS D:\> .\Check-SSL.ps1 -WebsiteURL secure.zerrouki.com -Threshold 30
Performs a check of the expiration date for the SSL certificate that secures the website http://secure.zerrouki.com. If the certificate expires in less than 30 days, an email alert is sent.
#>
Param(
    [Parameter(Mandatory=$true,HelpMessage="IP address or hostname to check")][string]$WebsiteURL,
    [Parameter(HelpMessage="TCP port number that SSL application is listening on")][int]$WebsitePort=443,
    [Parameter(HelpMessage="CommonName (CN) on certificate")][string]$CommonName=$WebsiteURL,
    [Parameter(HelpMessage="The number of days after which an alert should be sent.")][int]$Threshold=15
)

$MailTo="recipient@mail.com"
$MailFrom="sender@mail.com"
$SmtpServer="mailserver.example.com"

Try {
    $Conn = New-Object System.Net.Sockets.TcpClient($WebsiteURL,$WebsitePort)
    Try {
        $Stream = New-Object System.Net.Security.SslStream($Conn.GetStream())
        # AuthenticateAsClient validates the certificate. If it is already expired,
        # untrusted or issued for another name, the call throws and the script ends
        # in the outer Catch block without sending an email.
        $Stream.AuthenticateAsClient($CommonName)
        $Cert = $Stream.RemoteCertificate
        $ValidTo = [datetime]::Parse($Cert.GetExpirationDateString())
        Write-Host "`nConnection Successful" -ForegroundColor DarkGreen
        Write-Host "Website: $WebsiteURL"
        $ValidDays = $($ValidTo - [datetime]::Now).Days
        if ($ValidDays -lt $Threshold) {
            Write-Host "`nStatus: Warning (Expires in $ValidDays days)" -ForegroundColor Yellow
            Write-Host "CertExpiration: $ValidTo`n" -ForegroundColor Yellow
            # Subject and body are built here, once $ValidDays is known, so the
            # number of days is actually expanded into the strings.
            $MailSubject="$WebsiteURL - SSL certificate will expire in $ValidDays days"
            $MailBody=@"
<html><span style='font-family: Tahoma; font-size: 12px;' >Hi,<br />
<br />
the SSL certificate for the website "$WebsiteURL" will expire in $ValidDays days.
You should consider renewing it.<br />
<br />
----------------------------------------------------------------------------</span><br />
<span style='font-family: Tahoma; font-size: 10px;' >This is an automatically generated email, please do not reply.<br />
<br /></span></html>
"@
            Send-MailMessage -To $MailTo -Subject $MailSubject -From $MailFrom -SmtpServer $SmtpServer -Priority High -BodyAsHtml $MailBody
        }
        else {
            Write-Host "`nStatus: OK" -ForegroundColor DarkGreen
            Write-Host "CertExpiration: $ValidTo`n" -ForegroundColor DarkGreen
        }
    }
    Catch { Throw $_ }
    Finally { $Conn.Close() }
}
Catch {
    Write-Host "`nError occurred connecting to $($WebsiteURL)" -ForegroundColor Yellow
    Write-Host "Website: $WebsiteURL"
    Write-Host "Status:" $_.exception.innerexception.message -ForegroundColor Yellow
    Write-Host ""
}
The script has to be scheduled, for example once a day (obviously at an interval shorter than the threshold!).
http://www.zerrouki.com/schedule-a-powershell-script-execution/
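Check-SSL.ps1 validates the certificate inside AuthenticateAsClient, so a certificate that has already expired (or fails validation for another reason) ends in the error branch and no email is sent. The following is an added example, not part of the original script: it reads the certificate even when validation fails and checks several sites from one monitoring server. The function name Get-RemoteCertificateStatus, its output fields and the host list are assumptions, and it needs network access to the listed hosts.

```powershell
# Added example, not part of Check-SSL.ps1. Function name, fields and hosts are assumptions.
function Get-RemoteCertificateStatus {
    Param(
        [Parameter(Mandatory=$true)][string]$HostName,
        [int]$Port=443,
        [string]$CommonName=$HostName
    )
    $State = @{ Errors = $null }
    # Accept every certificate so the handshake completes and the certificate can be read.
    # This is acceptable only because the probe never sends or reads data on the stream.
    $Callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $certificate, $chain, $policyErrors)
        $State.Errors = $policyErrors   # keep what normal validation would have reported
        $true
    }
    $Conn = New-Object System.Net.Sockets.TcpClient($HostName,$Port)
    Try {
        $Stream = New-Object System.Net.Security.SslStream($Conn.GetStream(),$false,$Callback)
        $Stream.AuthenticateAsClient($CommonName)
        $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Stream.RemoteCertificate)
        [pscustomobject]@{
            Host         = $HostName
            Subject      = $Cert.Subject
            NotAfter     = $Cert.NotAfter
            DaysLeft     = ($Cert.NotAfter - [datetime]::Now).Days   # negative once expired
            PolicyErrors = $State.Errors
        }
    }
    Finally { $Conn.Close() }
}

$Threshold = 15
foreach ($Site in 'www.example.com','www.example.org') {   # placeholder hosts
    Try {
        $Result = Get-RemoteCertificateStatus -HostName $Site
        $Invalid = $Result.PolicyErrors -ne [System.Net.Security.SslPolicyErrors]::None
        if ($Result.DaysLeft -lt 0) { $Status = 'EXPIRED' }
        elseif ($Result.DaysLeft -lt $Threshold) { $Status = 'WARNING' }
        elseif ($Invalid) { $Status = 'INVALID' }
        else { $Status = 'OK' }
        Write-Host "$Site : $Status, $($Result.DaysLeft) days left, validation: $($Result.PolicyErrors)"
    }
    Catch { Write-Warning "$Site : could not retrieve the certificate ($($_.Exception.Message))" }
}
```

Any status other than OK is the point where the Send-MailMessage call from Check-SSL.ps1 would be hooked in.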