Certificates in a SharePoint environment expire, so we need to keep track of them and be reminded to take proper action before that happens.
For that purpose, I developed a PowerShell script that automatically detects the SharePoint servers in the farm, connects to each of them, and retrieves the certificates assigned to web applications in IIS. It compares each expiry date against a 3-month window and creates an HTML report with the collected information, like the one below.
Hostname, IPAddrs, WebName, ExpireDate, ThumbPrint, Attention
XXXWFE1, 192.x.x.x, contosowfe.local, 08/07/2021 19:16:00, CE7C3DBXXXXXXXXA66E3D, Normal
You can set it up as a scheduled task running under an appropriately privileged account. It e-mails the generated HTML report as an attachment to administrators, and you can schedule it monthly, weekly, or whenever you want.
```powershell
################################
# Author: E.Ayyildiz
# Date: 08/01/2021
# Version: 1.0.1
################################

# Load the SharePoint snap-in if it is not already loaded.
if ($null -eq (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction Ignore)) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

# Automatically get server information directly from the farm and run on those servers.
$domainname = "." + (Get-WmiObject win32_computersystem).Domain
$computers = Get-SPServer |
    Where-Object { ($_.Role -eq "Application") -or ($_.Role -eq "WebFrontEnd") -or ($_.Role -eq "Search") } |
    ForEach-Object { $_.Name + $domainname }

function Get-CertificateStatus {
    param(
        $ComputerName
    )
    $s = New-PSSession -ComputerName $ComputerName
    try {
        Invoke-Command -Session $s -ScriptBlock {
            Import-Module WebAdministration
            $result = @()
            $date = (Get-Date).AddMonths(3)   # Certificates expiring before this date are flagged
            $hostname = (Get-CimInstance -ClassName Win32_ComputerSystem).Name
            $webbindings = Get-WebBinding -Protocol https -Port 443   # Get bindings from IIS
            foreach ($binding in $webbindings) {
                $attention = $null
                $certexpdate = $null
                # Thumbprint of the certificate assigned to the web application.
                # Read by name; the positional Attributes.Item(4) depends on the IIS version.
                $Thumbprint = $binding.certificateHash
                $name = ($binding.bindingInformation).Split(":").GetValue(2)   # Host name of the web application
                $ip = ($binding.bindingInformation).Split(":").GetValue(0)     # IP address of the binding
                $cert = Get-ChildItem Cert:\LocalMachine -Recurse |
                    Where-Object { $_.Thumbprint -eq $Thumbprint } |
                    Select-Object -First 1
                if ($cert) {
                    # NotAfter is already a [datetime]; no culture-dependent string parsing needed.
                    $certexpdate = $cert.NotAfter
                    if ($date -lt $certexpdate) {
                        $attention = "Normal"
                    } else {
                        $attention = "Attention Renew Certificate!"
                    }
                } else {
                    # Binding references a certificate that is not in the local machine stores.
                    $attention = "Certificate not found"
                }
                $item = New-Object -TypeName PSCustomObject -Property @{
                    'WebName'    = $name
                    'IPAddrs'    = $ip
                    'ExpireDate' = $certexpdate
                    'Attention'  = $attention
                    'Hostname'   = $hostname
                    'ThumbPrint' = $Thumbprint
                }
                $result += $item
            } # Foreach finish
            return $result
        } # Scriptblock finish
    }
    finally {
        # Close the remote session so sessions do not pile up on the servers.
        if ($s) { Remove-PSSession $s }
    }
}

$style = "<style>BODY{font-family: Arial; font-size: 10pt;}"
$style = $style + "TABLE{border: 1px solid black; border-collapse: collapse;}"
$style = $style + "TH{border: 1px solid black; background: #dddddd; padding: 5px; }"
$style = $style + "TD{border: 1px solid black; padding: 5px; }"
$style = $style + "</style>"

# Collect the rows from every server first, then write the report once.
# Appending per server produced several HTML documents in one file and kept rows from earlier runs.
$report = @()
foreach ($computer in $computers) {
    $report += Get-CertificateStatus -ComputerName $computer
} # Foreach finish

$report | Select-Object Hostname, IPAddrs, WebName, ExpireDate, ThumbPrint, Attention |
    ConvertTo-Html -Head $style |
    Out-File C:\Temp\MonitoringCertificate.html

$to = "xxx.xxx", "xxx.xxx"
Send-MailMessage -Attachments "C:\Temp\MonitoringCertificate.html" -From "noreply@xxx.xxx" -To $to `
    -Subject "Certificate Status of Contoso!" `
    -Body "Hi, Please find and check certificate status of Web services as attached" `
    -SmtpServer xxx.xxx
```
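The report's Attention column only separates "Normal" from "renew", so an already expired certificate and a binding whose certificate is missing from the store look the same as one expiring in two months. The following is an added example, not part of the original script: it classifies report rows into those cases and sorts them by urgency. The function name `Get-ExpiryStatus`, the `DaysLeft` column, the `EXPIRED` and `Certificate not found` labels, and the sample rows (host names, placeholder thumbprints, dates) are assumptions constructed for illustration.

```powershell
# Added example (not from the original script). Classifies rows shaped like the
# report above: WebName, ThumbPrint, ExpireDate.
function Get-ExpiryStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Row,
        [datetime] $Now = (Get-Date),
        [int] $WarnMonths = 3            # same 3-month window the script uses
    )
    process {
        $expiry = $Row.ExpireDate -as [datetime]   # $null when no certificate was found
        $days = $null
        if ($null -eq $expiry) {
            $status = 'Certificate not found'
        } elseif ($expiry -le $Now) {
            $status = 'EXPIRED'
        } elseif ($expiry -le $Now.AddMonths($WarnMonths)) {
            $status = 'Attention Renew Certificate!'
        } else {
            $status = 'Normal'
        }
        if ($null -ne $expiry) {
            $days = [int][math]::Floor(($expiry - $Now).TotalDays)   # negative once expired
        }
        [pscustomobject]@{
            WebName    = $Row.WebName
            ThumbPrint = $Row.ThumbPrint
            ExpireDate = $expiry
            DaysLeft   = $days
            Attention  = $status
        }
    }
}

# Constructed sample rows; thumbprints are placeholders, dates are invented.
$now  = [datetime]'2021-01-08'
$rows = @(
    [pscustomobject]@{ WebName = 'contosowfe.local';     ThumbPrint = '<thumbprint-1>'; ExpireDate = [datetime]'2021-07-08 19:16' }
    [pscustomobject]@{ WebName = 'portal.contoso.local'; ThumbPrint = '<thumbprint-2>'; ExpireDate = [datetime]'2021-02-15' }
    [pscustomobject]@{ WebName = 'mysite.contoso.local'; ThumbPrint = '<thumbprint-3>'; ExpireDate = [datetime]'2020-12-20' }
    [pscustomobject]@{ WebName = 'search.contoso.local'; ThumbPrint = '<thumbprint-4>'; ExpireDate = $null }
)

# Missing certificates first, then fewest days left.
$report = $rows | Get-ExpiryStatus -Now $now |
    Sort-Object @{ Expression = { $null -ne $_.DaysLeft } }, DaysLeft
$report | Format-Table -AutoSize

# Count of rows needing action; a scheduled task could alert only when this is non-zero.
$needsAction = @($report | Where-Object { $_.Attention -ne 'Normal' }).Count
"Rows needing action: $needsAction"
```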
Thanks for reading.
Erdem Ayyildiz