All replies

• 

  

  0

  Sign in to vote

  Please read this first: https://social.technet.microsoft.com/Forums/scriptcenter/en-US/c47b1bc2-f7fd-4d2e-8ff2-e8a81ce090d4/this-forum-is-for-scripting-questions-rather-than-script-requests?forum=ITCG

  Also find scripts here: http://gallery.technet.microsoft.com/

  Learn PowerShell: https://mva.microsoft.com/en-us/training-courses/getting-started-with-microsoft-powershell-8276

  Script requests: https://gallery.technet.microsoft.com/scriptcenter/site/requests

  ---

  \_(ツ)_/

  Saturday, December 16, 2017 10:10 PM
• 

  

  0

  Sign in to vote

  Hi Chris,

  You could give it a try with a Certutil -View command, suitably tailored with -Restrict and -Out parameters.

  An Example for a -Restrict Parameter, having a certificate issued at a specific date would add the -Restrict "NotBefore<=<Start Date+Time>",NotBefore>=<End Date+Time>".

  An example for -Out parameter would be the -Out RawCertificate parameter, which gives you the base64 encoded certificate (all you have to do is copy-paste all between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- into notepad and save the file as .cer. The following article may give you a hint (https://blogs.technet.microsoft.com/pki/2008/04/24/how-to-determine-all-certificates-that-will-expire-within-30-days/).
  

  But if you have many repeating or versatile queries, there is a somewhat cumbersome but highly effective API. It's called iCertView2 (https://msdn.microsoft.com/en-us/library/windows/desktop/aa385417(v=vs.85).aspx). It allows you to access the entire CA database, row by row, column by column. The rest is a matter or parsing once you get the hang of it. Especially since you need to send different parts of the output to different CertReq commands, this may be more handy, as you get all the parts as individual properties.

  Tuesday, December 19, 2017 1:38 PM