Verify Certificate Expiration

SOTI MobiControl
Windows

Digital certificates are vital for secure communication and data protection within an organization. To ensure continued security and compliance, IT administrators must track the expiration dates of certificates on Windows devices. The Verify Certificate Expiration script enables administrators to remotely check the expiration status of all certificates installed on enrolled devices. By automating this process through SOTI MobiControl, administrators can proactively identify expired certificates, replace them in a timely manner, and prevent any disruptions to secure operations.

Important:
  • It is recommended to test the script on a local or test machine to confirm its purpose and effects.
  • SOTI MobiControl will not be responsible for any damage to or loss of data or setup resulting from the behavior of the script.

List certificates in a folder for Local Machine

Get-ChildItem Cert:\LocalMachine\Root | Format-List

List certificates in a folder for Current User

Get-ChildItem Cert:\CurrentUser\My | Format-List

List certificates that have expired or are nearing expiry for Local Machine

Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.NotAfter -lt (Get-Date).AddDays(60) } | Format-List

List certificates that have expired or are nearing expiry for Current User

Get-ChildItem -Path Cert:\CurrentUser\Root | Where-Object { $_.NotAfter -lt (Get-Date).AddDays(60) } | Format-List
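
The two filters above return expired and soon-to-expire certificates together and look only at the Root store. The following is an added example, not part of the SOTI script: it separates the two cases, reports days remaining, and walks every store under a location. The function names and the `$Root` and `$WarnDays` parameters are assumptions of this example.

```powershell
# Added example: classify certificates as Expired or ExpiringSoon across all stores.
# Function names, $Root and $WarnDays are assumptions made for this example.

function Get-CertExpiryStatus {
    param(
        [Parameter(Mandatory)] [datetime] $NotAfter,
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 60
    )
    # Already past NotAfter: expired. Inside the warning window: expiring soon.
    if ($NotAfter -lt $Now) { 'Expired' }
    elseif ($NotAfter -lt $Now.AddDays($WarnDays)) { 'ExpiringSoon' }
    else { 'Valid' }
}

function Get-ExpiringCertificate {
    param(
        [string] $Root = 'Cert:\LocalMachine',
        [int] $WarnDays = 60
    )
    $now = Get-Date
    # -Recurse also returns the store containers, so keep only certificate objects.
    Get-ChildItem -Path $Root -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $status = Get-CertExpiryStatus -NotAfter $_.NotAfter -Now $now -WarnDays $WarnDays
            if ($status -ne 'Valid') {
                [pscustomobject]@{
                    Status        = $status
                    # Negative values mean the certificate expired that many days ago.
                    DaysRemaining = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
                    NotAfter      = $_.NotAfter
                    # Last segment of the provider path is the store name (Root, My, ...).
                    Store         = ($_.PSParentPath -split '\\')[-1]
                    Subject       = $_.Subject
                    FriendlyName  = $_.FriendlyName
                    Thumbprint    = $_.Thumbprint
                }
            }
        }
}

Get-ExpiringCertificate -Root 'Cert:\LocalMachine' -WarnDays 60 |
    Sort-Object DaysRemaining |
    Format-List Status, DaysRemaining, NotAfter, Store, Subject, FriendlyName, Thumbprint
```

Pass `-Root 'Cert:\CurrentUser'` to run the same check against the current user's stores.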

Find certificate details using friendly name for Local Machine

Get-ChildItem Cert:\LocalMachine\CertificateStoreName | Where-Object { $_.FriendlyName -eq '<friendly name>' } | Format-List *

Find certificate details using friendly name for Current User

Get-ChildItem Cert:\CurrentUser\CertificateStoreName | Where-Object { $_.FriendlyName -eq '<friendly name>' } | Format-List *

Recursively Find and Display All Properties of a Certificate Matching a Specific Friendly Name

Get-ChildItem Cert:\LocalMachine\ -Recurse | Where-Object { $_.FriendlyName -eq '<friendlyname>' } | Format-List *

Recursively Find and Display All Properties of a Certificate Matching a Specific Friendly Name in the Current User Certificate Store

Get-ChildItem Cert:\CurrentUser\ -Recurse | Where-Object { $_.FriendlyName -eq '<friendlyname>' } | Format-List *

Check expiry date of a certificate accessible to all the users on the device

Get-ChildItem Cert:\LocalMachine\CertificateStoreName\ThumbPrint | Select-Object FriendlyName,NotAfter,NotBefore

Check expiry date of a certificate accessible to current user of the device

Get-ChildItem Cert:\CurrentUser\CertificateStoreName\ThumbPrint | Select-Object FriendlyName,NotAfter,NotBefore
