Using PowerShell to Find Expiring SSL Certificates & the Websites they’re Associated with
Have you recently received a notification about an expiring SSL certificate and can't remember everywhere it's used? That's generally easy to figure out for a normal certificate issued for a single name, but a wildcard certificate could be used on lots of different websites within your organization. The following PowerShell script retrieves the thumbprints and expiration dates of all the SSL certificates on an individual server that has IIS installed (this has only been tested on Windows Server 2008 R2).
# List every certificate in the local machine's Personal store, latest expiration first.
Import-Module WebAdministration
Get-ChildItem cert:\localmachine\my |
Select-Object -Property Thumbprint, NotAfter |
Sort-Object -Property NotAfter -Descending |
Format-Table -AutoSize
Luckily, with a wildcard certificate, the thumbprint will be the same for it across all servers. The code below can be wrapped inside of Invoke-Command to run it remotely against multiple servers to determine all the websites the certificate is used on.
# Requires the WebAdministration module (imported above), which provides the iis: drive.
Get-ChildItem iis:\sslbindings |
Where-Object {$_.thumbprint -eq 'DAC5BAFC7F31BE283D43496BEB3D2345097B236C'}
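One way to do the Invoke-Command wrapping described above, as an added example rather than code from the original post: it queries several servers for the thumbprint and reports the sites, binding, and expiration date per server. The server names are placeholders assumed for illustration, and PowerShell remoting is assumed to be enabled on each target.

```powershell
# Placeholder server names (assumed for this example); replace with your IIS hosts.
$servers    = 'web01', 'web02', 'web03'
# Thumbprint to search for (the value used in the article).
$thumbprint = 'DAC5BAFC7F31BE283D43496BEB3D2345097B236C'

$results = Invoke-Command -ComputerName $servers -ArgumentList $thumbprint `
    -ErrorAction SilentlyContinue -ErrorVariable unreachable -ScriptBlock {
    param($Thumbprint)

    # The iis: drive only exists after the module is loaded in the remote session.
    Import-Module WebAdministration

    # Look up the expiration date in the remote server's own certificate store.
    $cert = Get-ChildItem cert:\localmachine\my |
        Where-Object { $_.Thumbprint -eq $Thumbprint }

    Get-ChildItem iis:\sslbindings |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        ForEach-Object {
            # New-Object keeps this compatible with PowerShell 2.0.
            New-Object PSObject -Property @{
                IPAddress = "$($_.IPAddress)"
                Port      = $_.Port
                # Sites holds the websites that use this binding.
                Sites     = ($_.Sites | ForEach-Object { $_.Value }) -join ', '
                NotAfter  = $cert.NotAfter
            }
        }
}

# PSComputerName is added by Invoke-Command and identifies the source server.
$results |
    Sort-Object -Property PSComputerName, Port |
    Format-Table -Property PSComputerName, Sites, IPAddress, Port, NotAfter -AutoSize

# Servers that returned an error were not checked and still need a manual look.
$unreachable | ForEach-Object {
    Write-Warning "$($_.TargetObject): $($_.Exception.Message)"
}
```

A server that appears in neither the table nor the warnings was reached but has no binding using that thumbprint.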