How to check domain SSL certificate expiry with PowerShell
Suppose you have multiple domains and need to check the SSL certificate validity of all of them with one script. You can then run that script from any scheduler job to check them regularly. I am not going too deep, but I am adding some code to get the certificate validity.
I used this script in our Azure FrontDoor Pipeline to send emails to administrators so that we could check which domains are expiring soon. We need to keep an eye on those domains.
I have used PowerShell in Linux/Unix environments but have not tested it in a Windows environment. So please feel free to debug a little bit if you are facing any issues. Otherwise, you can add a comment so that I can debug your error as well.
# Your domain list
$domains = @( "defineway.com", "defineway.in" );
$sslPort = 443

# A class object where we will push data
class DomainValidity {
    [ValidateNotNullOrEmpty()] [string] $Domain
    [ValidateNotNullOrEmpty()] [DateTime] $ExpiryDate
    [ValidateNotNullOrEmpty()] [int] $ExpireAfter
}

# Here we will add all results
[DomainValidity[]] $domainValidityResult = @()

# Loop over the domains array
$domains | ForEach-Object {
    $domain = $_;
    # Checking for whitespace
    if( ![string]::IsNullOrWhitespace( $domain ) ) {
        # Taking some arbitrary numbers for the default value
        $expiryIn = -999;
        $expiryDate = $(Get-Date).AddDays( $expiryIn )
        # Result from OpenSSL (-servername sends SNI so the host returns the right certificate)
        $openSSLResult = $( 'Q' | openssl s_client -servername $domain -connect ${domain}:${sslPort} 2>$null | openssl x509 -noout -dates 2>$null );
        # Check if we got the result in the correct format (an array of lines);
        # -is [array] is also safe when openssl returned nothing
        if( $openSSLResult -is [array] ) {
            $openSSLResult | ForEach-Object {
                if( $_.StartsWith( 'notAfter=' ) ) {
                    $notAfter = $_.Replace( 'notAfter=', '' )
                    # Expiry can be in these 2 formats: OpenSSL pads a
                    # single-digit day with an extra space ("Jun  5 ...")
                    [string[]] $format = @("MMM d HH:mm:ss yyyy 'GMT'","MMM  d HH:mm:ss yyyy 'GMT'");
                    [DateTime] $expiryDate = New-Object DateTime;
                    # A foreach statement runs in the current scope, so the
                    # assignments below are visible after the loop
                    foreach( $f in $format ) {
                        [DateTime] $dt = New-Object DateTime;
                        if( [DateTime]::TryParseExact( $notAfter, $f, [System.Globalization.CultureInfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref] $dt ) ) {
                            $expiryDate = $dt
                            $expiryIn = $( New-TimeSpan -Start $( Get-Date ) -End $expiryDate ).Days
                        }
                    }
                }
            }
        }
        $domainValidityResult += [DomainValidity] @{
            Domain = $domain
            ExpiryDate = $expiryDate
            ExpireAfter = $expiryIn
        }
    }
}

# It will print the result
$domainValidityResult
Note: I have made the script self-explanatory with comments. But if you still have any issues understanding the code, please feel free to comment.
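The script above needs the openssl binary on the PATH. As an added example (not the author's code), the same check can be done with .NET's SslStream, which also works on Windows; it goes beyond the original by filtering the result down to the domains that are expiring soon. The function name Get-CertificateExpiry and the 30-day $warnDays threshold are assumptions made for illustration.

```powershell
# Added example: read the certificate expiry with .NET instead of openssl.
function Get-CertificateExpiry {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [int] $Port = 443,
        [int] $TimeoutMs = 5000
    )
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        # Bound the connect so one dead host cannot stall a scheduled job
        if( -not $tcp.ConnectAsync( $Domain, $Port ).Wait( $TimeoutMs ) ) {
            throw "Timed out connecting to ${Domain}:${Port}"
        }
        # The callback accepts any certificate so that expired or untrusted
        # ones can still be inspected. No application data is sent on this stream.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new( $tcp.GetStream(), $false, $callback )
        try {
            # The target host is also sent as SNI, like openssl -servername
            $ssl.AuthenticateAsClient( $Domain )
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new( $ssl.RemoteCertificate )
            $notAfterUtc = $cert.NotAfter.ToUniversalTime()
            [pscustomobject] @{
                Domain      = $Domain
                ExpiryDate  = $notAfterUtc
                ExpireAfter = ( $notAfterUtc - [DateTime]::UtcNow ).Days
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Dispose() }
}

# Domains taken from the script above; the 30-day threshold is an assumed value
$warnDays = 30
$report = foreach( $d in @( "defineway.com", "defineway.in" ) ) {
    try { Get-CertificateExpiry -Domain $d }
    catch {
        # Keep unreachable hosts in the report instead of silently skipping them
        [pscustomobject] @{ Domain = $d; ExpiryDate = $null; ExpireAfter = $null }
    }
}
$expiring = $report | Where-Object { $null -eq $_.ExpireAfter -or $_.ExpireAfter -le $warnDays }
$expiring | Format-Table -AutoSize
# When run as a script file, a non-zero exit code lets the scheduler or pipeline step send the alert
if( $expiring ) { exit 1 }
```

Like the openssl version, this only reads the expiry date and does not validate the certificate chain or host name.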