How to check windows certificate expiry date using PowerShell?

PowerShellMicrosoft TechnologiesSoftware & Coding

To get the particular windows certificate expiry date from the particular store, we first need the full path of that certificate along with a thumbprint. If the thumbprint is not known to you, we can use the friendly name.

With the thumbprint,

Get-ChildItem Cert:\LocalMachine\root\0563B8630D62D75 | fl *

When you run the above command, it will get all the details of the certificate having thumbprint 0563B8630D62D75.

There you can see there are two fields listed, NotAfter and NotBefore which shows the expiry and start dates respectively. To filter them out,

Example

Get-ChildItem Cert:\LocalMachine\root\0563B8630D62D75 | Select FriendlyName, NotAfter,NotBefore

Output

FriendlyName NotAfter   NotBefore
------------ --------   ---------
DigiCert     11/9/2031  4:00:00 PM 11/9/2006 4:00:00 PM

With the FriendlyName property,

Get-ChildItem Cert:\LocalMachine\root\ | where{$_.FriendlyName -eq “DigiCert”} | Select FriendlyName, NotAfter,NotBefore

To get the details from the remote computer, use the Invoke-Command.

Invoke-Command -ComputerName Test1PC, Test2PC -ScriptBlock {
   Get-ChildItem Cert:\LocalMachine\root\ | where{$_.FriendlyName -eq “DigiCert”} | Select FriendlyName, NotAfter,NotBefore
}
raja
Published on 08-Feb-2021 07:43:35
Advertisements