View previous topic :: View next topic |
Author |
Message |
RogerSpraggon
Joined: 19 Mar 2012 Posts: 59
|
Posted: Thu Sep 19, 2019 5:58 pm Post subject: Test for Certification Authority Certificate Expiry |
|
|
We have an internal AD Certificate Authority server that issues certificates to AD users and computers and I'm trying to find a way to test when the Certification Authority Certificate expires |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12801 Location: USA
|
Posted: Fri Sep 20, 2019 1:20 pm Post subject: |
|
|
Not sure..
What about Certificate Expiration test on port 636 (LDAP)?
If this will not work, try Shell Script test with powershell script like
Code: | $statusUnknown = "ScriptRes:Unknown:"
$statusOk = "ScriptRes:Ok:"
$statusBad = "ScriptRes:Bad:"
try
{
Get-CA ca.company.com | Get-IssuedRequest -Property "CertificateTemplate" | %
{
$daysleft = ($_.NotAfter - (Get-Date)).days
echo ScriptRes:Ok:$daysleft
}
}
catch
{
echo $statusUnknown + $_.Exception.GetType().FullName + ":" + $_.Exception.Message
} |
Script uses PKI module
https://github.com/PKISolutions/PSPKI
Regards
Alex |
|
Back to top |
|
|
RogerSpraggon
Joined: 19 Mar 2012 Posts: 59
|
Posted: Mon Sep 23, 2019 7:55 pm Post subject: |
|
|
The port 636 LDAP didn't work.
Started playing with the script and having trouble restricting to just the Certification Authority Certificate |
|
Back to top |
|
|
|