SystemAdmins.AdcsToolbox

1.0.1

private/certificateauthority/Get-CACertificateExpired.ps1

                                function Get-CACertificateExpired

{

    <#

    .SYNOPSIS

        Get expired certificates.

    .DESCRIPTION

        Return array list of expired certificates.

    .PARAMETER Date

        Date to get certificate up-to. Default is today.

    .EXAMPLE

        Get-CACertificateExpired;

    .EXAMPLE

        Get-CACertificateExpired -Date (Get-Date).AddDays(-30);

    #>

    [cmdletbinding()]

    [OutputType([System.Collections.ArrayList])]

    param

    (

        # Date to get expired certificates up-to. Default is today.

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]

        [ValidateScript({ $_ -le (Get-Date) })]

        [DateTime]$Date = (Get-Date)

    )

    BEGIN

    {

        # Write to log.

        $customProgress = Write-CustomProgress -Activity $MyInvocation.MyCommand.Name -CurrentOperation 'Getting expired certificates from CA';

        # Arguments to be used with CertUtil.exe.

        [string]$certUtilArguments = '';

        # Object array for the expired certificates.

        $expiredCertificates = New-Object System.Collections.ArrayList;

    }

    PROCESS

    {

        # If date is set.

        if ($PSBoundParameters.ContainsKey('Date'))

        {

            # Contruct the arguments.

            $certUtilArguments = ('-view -restrict "Certificate Expiration Date < {0}" -out "RequestId,RequesterName,CommonName,CertificateTemplate,Certificate Expiration Date,CertificateHash,StatusCode" csv' -f $Date.ToString("dd'/'MM'/'yyyy"));

        }

        # Else use default.

        else

        {

            # Contruct the arguments.

            $certUtilArguments = '-view -restrict "Certificate Expiration Date < NOW" -out "RequestId,RequesterName,CommonName,CertificateTemplate,Certificate Expiration Date,CertificateHash,StatusCode" csv';

        }

        # Invoke certutil.

        $result = Invoke-CertUtil -Arguments $certUtilArguments;

        # Get the rows.

        [string[]]$rows = $result -split '\n';

        # Foreach row.

        foreach ($row in $rows)

        {

            # If row is empty.

            if ([string]::IsNullOrEmpty($row))

            {

                # Skip.

                continue;

            }

            # Skip first row.

            if ($row -like '"Issued Request ID"*')

            {

                # Skip.

                continue;

            }

            # Convert row from CSV to object.

            $csvData = $row | ConvertFrom-Csv -Header 'RequestId', 'RequesterName', 'CommonName', 'CertificateTemplate', 'ExpirationDate', 'CertificateHash', 'StatusCode' -Delimiter ',';

            # Add the data to the object array.

            $null = $expiredCertificates.Add($csvData);

        }

        # Write to log.

        Write-CustomLog -Message ('Found {0} expired certificate(s)' -f $expiredCertificates.Count) -Level Verbose;

    }

    END

    {

        # Write to log.

        Write-CustomProgress @customProgress;

        # Return the expired certificates.

        return $expiredCertificates;

    }

}