# The Following Website explaines very well how it works with Certificates.
# https://blogs.technet.microsoft.com/scotts-it-blog/2014/12/30/working-with-certificates-in-powershell/
# ================= Folowing things has to be done before you can query Remote Server==========================
# Enable-PSRemoting has to be run on every server.
#
# On Server that are not reachable on the Standard Ports 5985 and 5986 you have to change the Listener to Http and Https.
# Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value true
# Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpsListener -Value true
# The option -Port 443 oder 80 also has to be set.
#
# Check Listener: dir WSMan:\localhost\Service
# =============================================================================================================
# Example 1
#Get-ChildItem -Path Cert:\LocalMachine\My -Recurse | where { $_.notafter -le (get-date).AddDays(50) -AND $_.notafter -gt (get-date)} | select Friendlyname, subject, NotAfter
# Example 2
#Get-ChildItem –Recurse | where {$_.Notafter -le (get-date).AddDays(50) -AND $_.notafter -gt (get-date)}| select Friendlyname, subject, NotAfter | Format-Table NotAfter, FriendlyName, Subject
#Invoke-Command -Computername $Serverliste -ScriptBlock {Get-ChildItem Cert:\LocalMachine\My -Recurse | where {$_.Notafter -le (get-date).AddDays(750) -AND $_.notafter -gt (get-date)}| select subject, Friendlyname, NotAfter} | Format-Table subject, NotAfter, FriendlyName, DaysUntilExpired
Import-Module PKI
Set-Location Cert:\LocalMachine\My
# Treshold days that will expire
$treshold = 50
# ============================
# Create Array
# ============================
$Serverlist = @("server01.domain.local"
"server02.domain.local"
"server03.domain.local"
"server04.domain.local"
"server05.domain.local"
)
# ============================
# Das auslesen von Zertifikaten
# ============================
$Certlist = (
Invoke-Command -ComputerName $Serverlist -ScriptBlock {Get-ChildItem Cert:\LocalMachine\My |
Where {$_.NotAfter -lt (Get-Date).AddDays($treshold)}} | ForEach {
[pscustomobject]@{
FQDN = $_.Subject
#Computername = $_.PSComputername
ExpiresOn = $_.NotAfter
}
} |Sort-Object -Descending |Out-File C:\Temp\Certlist.txt )
#===================================================================
$ToAddress = 'admin@domain.local'
$FromAddres = "$env:computername.$env:userdnsdomain <admin@domain.local>"
#$SmtpServer = 'smtp.office365.com'
$SmtpServer = "mrelay.domain.local"
#$SmtpPort = '587'
$Attachment = "C:\Temp\Certlist.txt"
$Subject = "Certlist with Server that having a Certifcatite expring in $treshold days"
#Body as HTML
$BodyHead = 'This mail has been automaticly generated by the GetCertificate script. <br> This Task runs following script C:\Temp\GetCertifikate.ps1. <br><br>See Attachment for expiring Certificates.<br>Please do not reply<br><br><br>'
$Body = "$BodyHead" + "$Certlist"
#Body as Text
#$Body = "This is an automated mail used by a script. `r`n Please do not reply. `r`n `r See Attachment with log"
$mailparam = @{
To = $ToAddress
From = $FromAddres
Subject = $Subject
Body = $Body
Smtpserver = $SmtpServer
#Port = $SmtpPort
#Credential = $SmtpCred
Attachment = $Attachment
}
If ((Get-Content $Attachment) -eq $Null) {"File is blank"}
Elseif ((Get-Content $Attachment) -ne $Null) {Send-MailMessage @mailparam -UseSsl -BodyAsHtml}