Get-UnhealthyCertificate
NAME Get-UnhealthyCertificate
SYNOPSIS
Get-UnhealthyCertificate checks the local certificate store or file system for
unhealthy SSL certificates.
SYNTAX
Get-UnhealthyCertificate [[-Path] <String[]>] [[-ComputerName] <String>] [[-WarningDays] <Int32>] [[-CriticalDays]
<Int32>] [[-ExcludedThumbprint] <String[]>] [[-WarningAlgorithm] <String[]>] [[-CriticalAlgorithm] <String[]>]
[[-CriticalKeySize] <Int32>] [[-WarningKeySize] <Int32>] [-Recurse] [<CommonParameters>]
DESCRIPTION
Get-UnhealthyCertificate checks the local certificate store or file system for
unhealthy SSL certificates. Get-UnhealthyCertificate uses the Get-CertificateHealth
function from the CertificateHealth module to find certificates that have
expired or are expiring soon. It also checks for certificates using deprecated
or vulnerable signature algorithms.
PARAMETERS
-Path <String[]>
Required? false
Position? 1
Default value Cert:\LocalMachine\My
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-ComputerName <String>
Specify a remote computer.
Required? false
Position? 2
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-WarningDays <Int32>
Specify the number of days before certificate expiration at which the
certificate is reported in warning state.
Required? false
Position? 3
Default value 60
Accept pipeline input? false
Accept wildcard characters? false
-CriticalDays <Int32>
Specify the number of days before certificate expiration at which the
certificate is reported in critical state.
Required? false
Position? 4
Default value 30
Accept pipeline input? false
Accept wildcard characters? false
-ExcludedThumbprint <String[]>
Array of thumbprints of certificates that should be excluded from being checked.
Use this when a certificate is expired but you do not need to be notified
about it.
Required? false
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
-WarningAlgorithm <String[]>
Array of algorithms that are deprecated.
Required? false
Position? 6
Default value sha1RSA
Accept pipeline input? false
Accept wildcard characters? false
-CriticalAlgorithm <String[]>
Array of algorithms with known vulnerabilities.
Required? false
Position? 7
Default value md5RSA
Accept pipeline input? false
Accept wildcard characters? false
-CriticalKeySize <Int32>
Required? false
Position? 8
Default value 1024
Accept pipeline input? false
Accept wildcard characters? false
-WarningKeySize <Int32>
Certificates with key size less than this value and greater than the CriticalKeySize
will be considered warning.
Required? false
Position? 9
Default value 2048
Accept pipeline input? false
Accept wildcard characters? false
-Recurse [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Created by: Jason Wasser
Modified: 9/28/2016 11:24:57 AM
Version 1.6
Changelog:
v 1.6
* Added remote computer support through PSRP
v 1.5
* Added certificate key size health check
v 1.4
* Separated Nagios output to a separate function.
v 1.3
* Script renamed to use PowerShell approved verb.
* Script now part of CertificateHealth module and uses associated functions.
v 1.2
* Added Hashing Algorithm to prepare for sha1 deprecation.
v 1.0
* Initial Script
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Get-UnhealthyCertificate
Checks the computer personal certificate store for unhealthy certificates.
-------------------------- EXAMPLE 2 --------------------------
PS C:\>Get-UnhealthyCertificate -Path C:\Temp,Cert:\LocalMachine\My
Checks the computer personal certificate store and C:\Temp for unhealthy certificates.
RELATED LINKS
https://gallery.technet.microsoft.com/s ... h-b646aeff
Requires -Version 2.0
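
ADDED EXAMPLE (not part of the CertificateHealth module or its help text)
A sketch of how the thresholds documented above can combine into one status per certificate, using only built-in X509Certificate2 properties. The function name Get-CertHealthSketch is hypothetical, it reads certificate stores only, and treating a key size at or below CriticalKeySize as critical is an assumption.

```powershell
# Added illustration; not the CertificateHealth module's code.
function Get-CertHealthSketch {   # hypothetical name
    param(
        [string]$Path = 'Cert:\LocalMachine\My',
        [int]$WarningDays = 60,
        [int]$CriticalDays = 30,
        [string[]]$ExcludedThumbprint = @(),
        [string[]]$WarningAlgorithm = @('sha1RSA'),
        [string[]]$CriticalAlgorithm = @('md5RSA'),
        [int]$CriticalKeySize = 1024,
        [int]$WarningKeySize = 2048
    )
    $rank = @{ OK = 0; Warning = 1; Critical = 2 }
    $now  = Get-Date
    foreach ($cert in Get-ChildItem -Path $Path) {
        # Skip store containers and explicitly excluded certificates.
        if ($cert -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) { continue }
        if ($ExcludedThumbprint -contains $cert.Thumbprint) { continue }

        $days = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)  # negative once expired
        $alg  = $cert.SignatureAlgorithm.FriendlyName                  # e.g. sha1RSA, sha256RSA
        $bits = $null
        # PublicKey.Key can throw for key types it cannot represent; leave size unknown then.
        try { $bits = $cert.PublicKey.Key.KeySize } catch { }

        $checks = @{
            Expiry    = if ($days -le $CriticalDays) { 'Critical' }
                        elseif ($days -le $WarningDays) { 'Warning' } else { 'OK' }
            Algorithm = if ($CriticalAlgorithm -contains $alg) { 'Critical' }
                        elseif ($WarningAlgorithm -contains $alg) { 'Warning' } else { 'OK' }
            # Assumption: a key at or below CriticalKeySize is critical.
            KeySize   = if ($null -eq $bits) { 'OK' }
                        elseif ($bits -le $CriticalKeySize) { 'Critical' }
                        elseif ($bits -lt $WarningKeySize) { 'Warning' } else { 'OK' }
        }
        # Overall status is the worst of the three individual checks.
        $status = $checks.Values | Sort-Object { $rank[$_] } | Select-Object -Last 1
        if ($status -ne 'OK') {
            [pscustomobject]@{
                Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
                DaysLeft = $days; Algorithm = $alg; KeySize = $bits
                Expiry = $checks.Expiry; AlgorithmCheck = $checks.Algorithm
                KeySizeCheck = $checks.KeySize; Status = $status
            }
        }
    }
}
```

The per-check columns show why a certificate was flagged, which helps when deciding whether a thumbprint belongs in -ExcludedThumbprint or the certificate needs reissuing.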