Powershell脚本在IIS中查找当前绑定的过期证书 [英] Powershell script to find currently bound expiring certificates in IIS
问题描述
我正在尝试获取一个工作脚本来检查IIS中SSL证书是否过期.有许多类似的条目,只是获得了已安装证书的过期列表,但我需要一些额外的逻辑.
I am trying to get a working script to check for expiring SSL certificates in IIS. There are many similar entries with simply getting the list of expiring installed certificates but I need some extra logic.
我需要知道所有在x天内到期的证书,这些证书是A)当前绑定到网站,B)网站必须处于已启动"状态
I need to know all certificates expiring within x days that are A) currently bound to a website and B) that website must have a state of "Started"
我(在下面)收集了某些信息,但是我很难将它们关联起来,因此它们只给我我需要的过期证书.更复杂的是,我不能简单地在CN的证书主题中查找站点名称,因为已安装了数百个证书,并且同一站点仍然有1个或更多个较旧的证书并不少见被安装.话虽如此,他们有相同的主题.我将需要比较指纹,但是仅通过指定站点名称来获取指纹非常困难.
I have certain information gathered (below) but I am having trouble correlating them so they only give me the expiring certs I need. To add to the complexity, I can't simply look for the site name in the CN in the subject of the certificates because there are many hundreds of certs installed and it is not uncommon for 1 or more older certificates for the same site to still be installed. That being said, they have the same subject. I will need to compare thumbprints but getting the thumbprint by simply specifying the site name is proving to be difficult.
一些收集各种相关细节的代码如下:
Some of the code to gather various relevant details is as follows:
ActiveSites = get-website | where {$_.State -eq "Started"}
$DaysToExpiration = 7
$InstalledCerts = gci cert:\localmachine\my
$ExpiringCerts = $InstalledCerts | Where {(($_.NotAfter - (Get-Date)).Days) -lt $DaysToExpiration}
推荐答案
可以从IIS:
提供程序获取绑定到网站的证书列表:
A list of the certificates bound to websites can be obtained from the IIS:
provider:
Get-ChildItem IIS:SSLBindings
尝试一下:
$DaysToExpiration = 7
$expirationDate = (Get-Date).AddDays($DaysToExpiration)
$sites = Get-Website | ? { $_.State -eq "Started" } | % { $_.Name }
$certs = Get-ChildItem IIS:SSLBindings | ? {
$sites -contains $_.Sites.Value
} | % { $_.Thumbprint }
Get-ChildItem CERT:LocalMachine/My | ? {
$certs -contains $_.Thumbprint -and $_.NotAfter -lt $expirationDate
}
这篇关于Powershell脚本在IIS中查找当前绑定的过期证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!