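# Reports certificates in Cert:\LocalMachine\My on a list of remote servers
# that expire within $treshold days, writes the list to C:\Temp\Certlist.txt
# and mails it as an attachment.
#
# The following website explains very well how to work with certificates:
# https://blogs.technet.microsoft.com/scotts-it-blog/2014/12/30/working-with-certificates-in-powershell/

# ======== The following has to be done before you can query remote servers ========
# Enable-PSRemoting has to be run on every server.
#
# On servers that are not reachable on the standard ports 5985 and 5986 you have to
# enable the compatibility HTTP and HTTPS listeners:
#   Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value true
#   Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpsListener -Value true
# The option -Port 443 or 80 also has to be set on the client call.
# NOTE(review): the HTTP listener (port 80) gives no TLS authentication of the
# server; prefer the HTTPS listener (port 443) wherever a server certificate is
# available, and enable only the listener you actually need.
#
# Check listener: dir WSMan:\localhost\Service
# ===================================================================================

# Example 1
#Get-ChildItem -Path Cert:\LocalMachine\My -Recurse | where { $_.notafter -le (get-date).AddDays(50) -AND $_.notafter -gt (get-date)} | select Friendlyname, subject, NotAfter

# Example 2
#Get-ChildItem -Recurse | where {$_.Notafter -le (get-date).AddDays(50) -AND $_.notafter -gt (get-date)}| select Friendlyname, subject, NotAfter | Format-Table NotAfter, FriendlyName, Subject
#Invoke-Command -Computername $Serverliste -ScriptBlock {Get-ChildItem Cert:\LocalMachine\My -Recurse | where {$_.Notafter -le (get-date).AddDays(750) -AND $_.notafter -gt (get-date)}| select subject, Friendlyname, NotAfter} | Format-Table subject, NotAfter, FriendlyName, DaysUntilExpired

Import-Module PKI
Set-Location Cert:\LocalMachine\My

# Threshold: certificates expiring within this many days are reported
$treshold = 50

# ============================
# Servers to query
# ============================
$Serverlist = @(
    "server01.domain.local"
    "server02.domain.local"
    "server03.domain.local"
    "server04.domain.local"
    "server05.domain.local"
)

# ============================
# Read the certificates
# ============================
# $using: is required here: the script block runs in the remote session, where a
# plain $treshold is not defined, so AddDays() would receive $null and only
# already-expired certificates would match.
# -ErrorVariable collects per-server failures so an unreachable server is not
# silently missing from the report.
$Certlist = Invoke-Command -ComputerName $Serverlist -ErrorVariable RemoteErrors -ScriptBlock {
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.NotAfter -lt (Get-Date).AddDays($using:treshold) }
} | ForEach-Object {
    [pscustomobject]@{
        FQDN      = $_.Subject
        #Computername = $_.PSComputername
        ExpiresOn = $_.NotAfter
    }
} | Sort-Object -Property ExpiresOn -Descending

foreach ($RemoteError in $RemoteErrors) {
    Write-Warning "Certificate query failed: $RemoteError"
}

# Write the report in a separate step. Piping straight into Out-File inside the
# assignment left $Certlist empty, because Out-File emits nothing to the pipeline.
# NOTE(review): the mail text below says this script runs as a task from C:\Temp.
# Confirm that C:\Temp is not writable by unprivileged users, otherwise the script
# or the attachment could be replaced before the task runs.
$Certlist | Out-File C:\Temp\Certlist.txt

#===================================================================
$ToAddress = 'admin@domain.local'
$FromAddres = "$env:computername.$env:userdnsdomain <admin@domain.local>"
#$SmtpServer = 'smtp.office365.com'
$SmtpServer = "mrelay.domain.local"
#$SmtpPort = '587'
$Attachment = "C:\Temp\Certlist.txt"
$Subject = "Certlist with Server that having a Certifcatite expring in $treshold days"

#Body as HTML
$BodyHead = 'This mail has been automaticly generated by the GetCertificate script. <br> This Task runs following script C:\Temp\GetCertifikate.ps1. <br><br>See Attachment for expiring Certificates.<br>Please do not reply<br><br><br>'
# Render the list as an HTML table fragment; casting the object array to a string
# would only produce "@{FQDN=...; ExpiresOn=...}" text in the mail.
$Body = $BodyHead + ($Certlist | ConvertTo-Html -Fragment | Out-String)

#Body as Text
#$Body = "This is an automated mail used by a script. `r`n Please do not reply. `r`n `r See Attachment with log"

$mailparam = @{
    To          = $ToAddress
    From        = $FromAddres
    Subject     = $Subject
    Body        = $Body
    Smtpserver  = $SmtpServer
    #Port = $SmtpPort
    #Credential = $SmtpCred
    Attachments = $Attachment
}

# Send only when something was found. @() makes the count reliable for zero, one
# or many results; the file on disk holds exactly what $Certlist contains.
if (@($Certlist).Count -eq 0) {
    "File is blank"
}
else {
    Send-MailMessage @mailparam -UseSsl -BodyAsHtml
}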