This repository contains a collection of scripts that help keep an eye on the certificate expiration on a Windows certification authority (CA).
The scripts can be run manually.
But it is advised to automate the job with the Windows Task Scheduler.
For full coverage and to have time left to renew expiring certs, run the script via the Task Scheduler every 14 Days.
You can use the System Account for running the Script, but i advise you to an account with read right to the certificate Authority.
This Script creates a csv with all certificates that will expire in the next 30 days.
After that it will create a email for each unique emailaddress specified in the certificate, with all corresponding certificates listed in the mailbody.
The Script also checks for new certificates and matches them to the expiring certs and removes those from the mail.
Watch out for certificates where no emailaddress is specified, fill the $cc variable for that scenario.
You will need to fill in the following Infos into the Script:
$cc = '' # Use as fallback if the Mailaddress is not set for a certificate, '[email protected]'
$smtphost = '' # FQDN or IP of your SMTP Server or Relay, 'smtp.example.com'
$maildomain = '' # Add your Maildomain, only needed for the Senderadress which is build from the Systemname and the Maildomain, 'example.com'
This repository is licensed under the GNU General Public License v3.0.
For more information, see the LICENSE file.
This repository is for educational and informational purposes only.
The author assumes no liability for any damages that may arise from the use of the contents of this repository.
Contributions are always welcome! If you find an error or would like to suggest an improvement, please create an issue.