| wizard79 |
| (Getting the hang of it) |
| 2007-05-18 04:33 AM |
Expired certificates
|
Hi all
Does anyone know how to check a winxp pc for the expiration date on a "personal" certificate. Rather then going to Internet options, content, certificates on every notebook.
I hear there is a tool certutil, but cant work out the cmd line to get info on a personal certificate.
Any ideas?
Thanks
Jon
Allen
|
| (KiX Supporter) |
| 2007-05-18 05:45 AM |
Re: Expired certificates
|
I've never used that utility, but using certutil -store got me a list of all my certificates. Using WSHPipe ( http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=83201&page=1#Post83201 ) You can get the output into a variable and then parse through it.
something like the following would output the "not after date" (not sure this is the expiry date or not), just remove the if/endif lines and it will display all the contents. (don't forget to paste the WSHPipe UDF to your script)
Code:
$output=wshpipe("certutil -store",1)
for each $line in $output
if instr($line,"NotAfter:")
? $line
endif
next
| Mart |
| (KiX Supporter) |
| 2007-05-18 12:30 PM |
|
|
Re: Expired certificates
|
It looks like certutil is also able to delete certificates. Did not test this because we do not have a test setup for this and I do not want to screw up a production machine.
http://www.geocities.com/rick_lively/MANUALS/COMMANDS/C/CERTUTIF.HTM
quote from certutil /?
Quote:
-delstore -- Delete certificate from store
-viewdelstore -- Delete certificate from store
| wizard79 |
| (Getting the hang of it) |
| 2007-06-04 04:00 AM |
|
Re: Expired certificates
|
Thanks. Now a question
How do I work out if $correct (date certificate expires) is before end of the year ($expdate). The $correct > $expdate seem to recognise it as a number rather then if one date is before the other?
? "Cert expires: " + $correct
? "End of the year date: " + $expdate
if $correct > $expdate
Open( 3, $server, 5)
WriteLine (3, "@date @time -- Userid: " + @userid + " - Comp name: " + @wksta + " - Cert expires: " + $correct + @CRLF)
Close(3)
endif
Shows:
Cert expires: 17/07/2007
End of the year date: 31/12/2007
| Gargoyle |
| (MM club member) |
| 2007-06-04 04:35 AM |
|
|
Re: Expired certificates
|
There are many UDF's available to do exactly what you need. Look through the diffent Date Calc udf's.
|
Allen
|
| (KiX Supporter) |
| 2007-06-04 06:01 AM |
|
Re: Expired certificates
|
Additionally, you will also need to convert your dates to yyyy/mm/dd as this is the standard for kixtart and most/all of the UDFs. To do this, you can either use split, for example, $year=split($correct,"/")[2], or I believe you can also use fnDateTime ( http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=145850&page=7#Post145850 ).