Page 1 of 1 1
Topic Options
#176337 - 2007-05-18 04:33 AM Expired certificates
wizard79 Offline
Getting the hang of it

Registered: 2003-03-26
Posts: 64
Loc: Australia.
Hi all

Does anyone know how to check a winxp pc for the expiration date on a "personal" certificate. Rather then going to Internet options, content, certificates on every notebook.

I hear there is a tool certutil, but cant work out the cmd line to get info on a personal certificate.
Any ideas?
Thanks
Jon

Top
#176339 - 2007-05-18 05:45 AM Re: Expired certificates [Re: wizard79]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
I've never used that utility, but using certutil -store got me a list of all my certificates. Using WSHPipe ( http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=83201&page=1#Post83201 ) You can get the output into a variable and then parse through it.

something like the following would output the "not after date" (not sure this is the expiry date or not), just remove the if/endif lines and it will display all the contents. (don't forget to paste the WSHPipe UDF to your script)


 Code:
$output=wshpipe("certutil -store",1)
for each $line in $output
  if instr($line,"NotAfter:") 
    ? $line
  endif
next 


Top
#176347 - 2007-05-18 12:30 PM Re: Expired certificates [Re: Allen]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
It looks like certutil is also able to delete certificates. Did not test this because we do not have a test setup for this and I do not want to screw up a production machine.

http://www.geocities.com/rick_lively/MANUALS/COMMANDS/C/CERTUTIF.HTM

quote from certutil /?
 Quote:

-delstore -- Delete certificate from store
-viewdelstore -- Delete certificate from store


Edited by Mart (2007-05-18 12:37 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176707 - 2007-06-04 04:00 AM Re: Expired certificates [Re: Mart]
wizard79 Offline
Getting the hang of it

Registered: 2003-03-26
Posts: 64
Loc: Australia.
Thanks. Now a question

How do I work out if $correct (date certificate expires) is before end of the year ($expdate). The $correct > $expdate seem to recognise it as a number rather then if one date is before the other?

? "Cert expires: " + $correct
? "End of the year date: " + $expdate

if $correct > $expdate
Open( 3, $server, 5)
WriteLine (3, "@date @time -- Userid: " + @userid + " - Comp name: " + @wksta + " - Cert expires: " + $correct + @CRLF)
Close(3)
endif

Shows:
Cert expires: 17/07/2007
End of the year date: 31/12/2007

Top
#176708 - 2007-06-04 04:35 AM Re: Expired certificates [Re: wizard79]
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
There are many UDF's available to do exactly what you need. Look through the diffent Date Calc udf's.
_________________________
Today is the tomorrow you worried about yesterday.

Top
#176710 - 2007-06-04 06:01 AM Re: Expired certificates [Re: Gargoyle]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Additionally, you will also need to convert your dates to yyyy/mm/dd as this is the standard for kixtart and most/all of the UDFs. To do this, you can either use split, for example, $year=split($correct,"/")[2], or I believe you can also use fnDateTime ( http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=145850&page=7#Post145850 ).
Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 466 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.054 seconds in which 0.022 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org