We are continuing our new series that answers common questions, or questions that have been asked about PowerShell. Today, certificate expiration remotely off servers. What we intend to provide is one of the many, many ways you can accomplish these tasks within PowerShell.
All of the solutions are ours and demonstrate the author’s skill and ability level at the time of writing. That is to say, we might not always write the best PowerShell code, however, if you know of a better way we welcome that input.
Let’s start. The question is:
Is there anyway to pull certificate information from servers remotely?
The Answer:
Yes. You can do this with Get-Childitem
locally, using Invoke-Command
and Get-Childitem
together is what you are looking for.
What is the Get-ChildItem
cmdlet you ask? The Get-ChildItem
cmdlet literally gets the items in a specified location, or locations. If the item is a container, like registry keys, or directories, or text files, it gets the items inside the container, the items that reside inside these types of containers are called child items. You can use the -Recurse
parameter to get items in all child containers and use the -Depth
parameter to limit the number of levels to recurse.
For instance:
(Get-ChildItem Cert:\LocalMachine\My) | Get-Member -MemberType Property
Will return Name, Member Type, and Definition.
Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.subject -match [Environment]::GetEnvironmentVariable("newcomputer0001")}
Lastly, pull only certs that are expired from remote servers and outputs that information to the console for review.
Now that you know check out This article if you are looking to add more to your Invoke-Command
.