Author Posts

January 1, 2012 at 12:00 am

by tommygun at 2013-04-18 21:37:35

Hi there,
I have the code below that I can point to my local Active Directory Certificate Authority and it will pull back expiring certificates, based on a set number of days.
How do i run this script? I have copied the script and created a cascript.ps1 file and changed the $CAlocation="CAServer\Some Root CA" to my CA server and name and $duedays=365 though when I run it in powershell ./cascript.ps1 it doesn't output anything.... any help will be greatly appreciated. Thanks

function get-ExpiringCerts ($duedays=60,$CAlocation="CAServer\Some Root CA") {
$certs = @()
$now = get-Date;
$expirationdate = $now.AddDays($duedays)
$CaView = New-Object -Com CertificateAuthority.View.1
[void]$CaView.OpenConnection($CAlocation)
$CaView.SetResultColumnCount(5)
$index0 = $CaView.GetColumnIndex($false, "Issued Common Name")
$index1 = $CaView.GetColumnIndex($false, "Certificate Expiration Date")
$index2 = $CaView.GetColumnIndex($false, "Issued Email Address")
$index3 = $CaView.GetColumnIndex($false, "Certificate Template")
$index4 = $CaView.GetColumnIndex($false, "Request Disposition")
$index0, $index1, $index2, $index3, $index4 | %{$CAView.SetResultColumn($_) }

# CVR_SORT_NONE 0
# CVR_SEEK_EQ 1
# CVR_SEEK_LT 2
# CVR_SEEK_GT 16

$index1 = $CaView.GetColumnIndex($false, "Certificate Expiration Date")
$CAView.SetRestriction($index1,16,0,$now)
$CAView.SetRestriction($index1,2,0,$expirationdate)

# brief disposition code explanation:
# 9 - pending for approval
# 15 - CA certificate renewal
# 16 - CA certificate chain
# 20 - issued certificates
# 21 - revoked certificates
# all other - failed requests
$CAView.SetRestriction($index4,1,0,20)

$RowObj= $CAView.OpenView()

while ($Rowobj.Next() -ne -1){
$Cert = New-Object PsObject
$ColObj = $RowObj.EnumCertViewColumn()
[void]$ColObj.Next()
do {
$current = $ColObj.GetName()
$Cert | Add-Member -MemberType NoteProperty $($ColObj.GetDisplayName()) -Value $($ColObj.GetValue(1)) -Force
} until ($ColObj.Next() -eq -1)
Clear-Variable ColObj
$datediff = New-TimeSpan -Start ($now) -End ($cert."Certificate Expiration Date")

"Certificate " + $cert."Issued Common Name" + " will expire in " + $dateDiff.Days + " days at " + $cert."Certificate Expiration Date"
#"Send email to : " + $cert."Issued Email Address"
"------------------------"
}
$RowObj.Reset()
$CaView = $null
[GC]::Collect()
}

get-ExpiringCerts -duedays 365 -CAlocation "CAServer\Some Root CA"

by DonJ at 2013-04-19 08:32:53

You'll have to add some debugging code to this, and see what's happening.

First, at the very top of the function, add:

[CmdletBinding()]
Param($duedays=60,$CAlocation="CAServer\Some Root CA")

Remove the existing

($duedays=60,$CAlocation="CAServer\Some Root CA")

that's after the function keyword and function name.

Modify the last line to add -Verbose to the function call.... put it after the -duedays and -calocation parameters.

Then, in the function, you can start adding Write-Verbose statements.

For example, I might do this:


do {
$current = $ColObj.GetName()
Write-Verbose "Current is $current"

In other words, just getting some output to tell me what the script is doing, and what's going inside the variables.

If it's not producing ANY output, then I suspect it's not executing either the while loop. Which means $RowObj never has anything in it. So, I might just run some of those lines manually, from the console – everything up to the while loop, for example, to see what happened.

Sorry, it's tough for me to debug a script I can't run, but that's the approach I'd take if I were sitting down with you. Run each command one at a time, just like the script is doing, and see what you get after each line.