How to find expired certificates

Hey folks, in today’s short article I will show you how in easy way check expired certificates.

Script which I prepared is very easy and yes I know that it can be done in one-liner. 🙂
However I’ve decided to split it for few phases:
Phase 1 – Check actual date
Phase 2 – Gather all certificates
Phase 3 – Filter only objects which are certificates and NotAfter attribute is older than today.
Phase 4 – Export results to CSV file

$Today = Get-Date
$Certificates = Get-ChildItem Cert:\ -Recurse 
$ExpiredCertificates = $Certificates | Where-Object {($_.NotAfter -lt $Today) -and ($_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2])} | Select-Object FriendlyName, NotAfter, PSParentPath, Issuer
$ExpiredCertificates | Export-Csv -Path C:\ExpiredCertificates.CSV -NoTypeInformation

As a result CSV file will be generated with all expired certificates.
You can also check $ExpiredCertificates variable in order to display results directly in PowerShell.

Hope it will be usefull for some of you 😉

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.