So you’ll no longer be taken off guard by expiring certificates, we’ve created a PowerShell script, with the help of which you will receive an email with the required information, at a time determined by you.
Aim
This How-To deals with setting up a script that will help you to keep a close eye on the expiration dates of important certificates, such as Proxy, Client, or SSL certificates, or the Apple push certificate.
After successfully setting up the email notification, instead of being taken off guard by expiring certificates, you’ll be conveniently informed if a certificate required by Cortado Server needs to be renewed.
Implementation
To receive a notification about expiring certificates, you go to PowerShell. With the Task Scheduler from Windows Server, a Trigger is set up to automatically send an email if an expiry date is approaching. This will list all the certificates that are due to expire within a predetermined time period.
Configuring the PowerShell script
- Download the following script.
- Open the script and, under ExpiringInDays, enter in how many days before the expiry you want to receive the certificate warning (arrow in illus.). If you enter in a ‘0’, all the expired certificates will be shown. However, if you enter a number greater than ‘0’, you will specify the time period (in days). 30 days is the default entry.
- Edit the settings you require for your mail server at the end of the script (arrow in illus.).
- You can also make further adjustments to the email template. For example, the text of the email can be edited.
- The script is now ready to use. Now place the script in an appropriate folder on your server.
Configuring the Task Scheduler
- Log on to the server on which you want to set up the email notification and start the Task Scheduler there. Click on Create Task, to create a new task (arrow in illus.).
- Configure the Generaltab of the Task Scheduler (as shown in the illus.):
- Enter a name and a description.
- Select Run whether user is logged on or not (lower arrow in illus.).
- Go to the Triggers tab and click on New.
- If needed, change the drop down menu Begin the task to On an event (upper arrow in illus.).
- Under Settings select the Custom option (lower arrow in illus.).
- Select New Event Filter, to create a new filter (middle arrow in illus.).
- Configure the filter as shown in the illus.:
- Check the checkboxes under Event level (upper arrow in illus.).
- Select under Event logs→ Microsoft-Windows-CertificateServicesClient-Lifecycle-System and Microsoft-Windows-CertificateServicesClient-Lifecycle-User (middle and lower arrow in illus.).
- Click on OK to finish.
- Now go to the Actions tab and click on New to create a new action.
- Configure the new action, as depicted in the illustration:
- Under Program/script, enter the program with which the script is to be opened (powershell.exe) (upper arrow in illus.).
- In Add arguments (optional) enter the path to the script file Cccertwarn.ps1 and the Powershell command -ExecutionPolicy Bypass:
- <Path to PS Script> -ExecutionPolicy Bypass (lower arrow in illus.).
- Click OK to confirm the settings.
Summary
After these steps have been completed, the script is ready to be used. When a warning regarding an expiring certificate appears in the Eventviewer, an email will be sent to the email address you nominated. This email will list all the certificates that are due to expire within the time period you specified in the script.
