Tuesday, June 30, 2015

My Daily Certificate Authority Check

Earlier this year I rolled out my organization's own Public Key Infrastructure.

I use the script below to send me an email that includes the following:
- How many days until the next certificate will expire
- A list of all issued certificates
- How many requests are pending

The subject looks like this, for example: PS Report - Issuing CA Info (Next Expiration is 296 days from now, 0 Requests Pending). A list of all issued certificates, with common name, issue date, and the template they are based on, is attached as an HTML file.

A prerequisite for this script is the PS PKI Module, which can be found here on Codeplex.

This script runs from my issuing certificate authority server.

######################################################################
# BEGIN SCRIPT
######################################################################

#Import the PS PKI Module
Import-Module PSPKI

#Variables
$TempFile = "C:\Temp\CA_Report.html"
$Today = get-date
$To = "reportingaddress@contoso.com"
$From = "me@contoso.com"
$SMTPServer = "mailserver.contoso.com"

#Get the CA Name
$CAName = (Get-CA | select Computername).Computername

#Get Details on Issued Certs
$Output = Get-CA | Get-IssuedRequest | select RequestID, CommonName, NotAfter, CertificateTemplate | sort Notafter

#Take the above, exclude CAExchange certs, select the first one (earliest NotAfter), and get how many days remain until it expires
#A negative value means that certificate has already expired
$RelevantInfo = ($Output | where-Object {$_.CertificateTemplate -notlike "CAExchange"})
$EarliestExpiryInteger = (($RelevantInfo[0].Notafter - $Today).Days).ToString()

#Write the Relevant Info to a temp file
$RelevantInfo | ConvertTo-HTML | out-file $TempFile

#Get Details on Pending Requests
$Pending = Get-CA | Get-PendingRequest

#Get number of pending requests - If there are no pending requests, PendingCount is set to zero
If ($Pending) {
    $PendingCount = ($Pending | Measure-Object).count
}
Else {
    $PendingCount = 0
    $Pending = "`r`nNone"
} #End Else
$PendingCountStr = $PendingCount.ToString()

#Make the mail body
$Body = "See Attached"

$Subject = "PS Report - Issuing CA Info (Next Expiration is $EarliestExpiryInteger days from now, $PendingCountStr Requests Pending)"

Send-mailmessage -To $To -From $From -SmtpServer $SMTPServer -Subject $Subject -Body $Body -Attachments $TempFile

Remove-Item $TempFile -force

######################################################################
# END SCRIPT
######################################################################
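
Expired certificates stay in the CA database alongside valid ones, so the earliest NotAfter in the list may already be in the past. The following is an added example, not part of the original script: it separates expired, soon-to-expire and valid certificates before building the subject line. The function name Get-CertExpirySummary, the 30-day $WarnDays window and the sample objects are assumptions made for illustration.

```powershell
# Added example: works on objects shaped like the Get-IssuedRequest output above
function Get-CertExpirySummary {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Certs,
        [datetime] $AsOf = (Get-Date),
        [int] $WarnDays = 30   # assumed warning window, not from the post
    )
    # Skip CA Exchange certs, as the script above does
    $relevant = @($Certs | Where-Object { $_.CertificateTemplate -notlike "CAExchange" })
    # Expired certs stay in the CA database, so separate them from valid ones
    $expired = @($relevant | Where-Object { $_.NotAfter -le $AsOf })
    $valid   = @($relevant | Where-Object { $_.NotAfter -gt $AsOf } | Sort-Object NotAfter)
    $soon    = @($valid | Where-Object { ($_.NotAfter - $AsOf).Days -lt $WarnDays })

    # With no unexpired certs, report "n/a" instead of indexing an empty array
    $next = if ($valid.Count -gt 0) { ($valid[0].NotAfter - $AsOf).Days } else { "n/a" }

    [pscustomobject]@{
        NextExpiryDays = $next
        ExpiredCount   = $expired.Count
        ExpiringSoon   = @($soon | ForEach-Object { $_.CommonName })
        Subject        = "PS Report - Issuing CA Info (Next Expiration is $next days from now, " +
                         "$($expired.Count) Expired, $($soon.Count) within $WarnDays days)"
    }
}

# Constructed sample data (not real certificates)
$ReportDate = [datetime]"2015-06-30"
$Sample = @(
    [pscustomobject]@{ RequestID = 2; CommonName = "old.contoso.com";  NotAfter = $ReportDate.AddDays(-10); CertificateTemplate = "WebServer" },
    [pscustomobject]@{ RequestID = 3; CommonName = "xchg.contoso.com"; NotAfter = $ReportDate.AddDays(3);   CertificateTemplate = "CAExchange" },
    [pscustomobject]@{ RequestID = 4; CommonName = "web.contoso.com";  NotAfter = $ReportDate.AddDays(20);  CertificateTemplate = "WebServer" },
    [pscustomobject]@{ RequestID = 5; CommonName = "dc.contoso.com";   NotAfter = $ReportDate.AddDays(296); CertificateTemplate = "DomainController" }
)

$Summary = Get-CertExpirySummary -Certs $Sample -AsOf $ReportDate
$Summary.Subject
$Summary.ExpiringSoon
```

On the CA server, the same function can be fed the live list with -Certs (Get-CA | Get-IssuedRequest) in place of the sample objects.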
