Although the title says webserver certificates, the script is not limited to webserver certificates.
This script is useful for admins who want to check the expiry dates of server certificates and be prepared to renew or change them. If you have ideas for using this in your server environment and need help tweaking the script, do let me know.
Please copy and paste the script below into a file called "CertExpiryCheck.vbs" and run it from the command line like this:
    C:\> cscript certexpirycheck.vbs [SubjectName]
    C:\> cscript certexpirycheck.vbs sukak
* Here "sukak" is the subject name, which would usually be your domain name (FQDN).
* "Issued by" also shows "sukak" in my case, since the test was done using a self-issued certificate created with selfSSL.exe.
    '**************************************************
    '* CertExpiryCheck.vbs
    '* Enumerate certificates with days left for expiry
    '**************************************************
    Option Explicit

    Dim SubjectName
    If WScript.Arguments.Count > 0 Then
        SubjectName = LCase(WScript.Arguments(0))
    Else
        CommandUsage
    End If

    Dim Store, Certificates, Certificate
    Const CAPICOM_LOCAL_MACHINE_STORE = 1
    Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1
    Const CAPICOM_STORE_OPEN_READ_ONLY = 0

    'Open the local machine "MY" (Personal) store read-only
    Set Store = CreateObject("CAPICOM.Store")
    Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY

    'Last argument 0 (False) = do not restrict the search to valid certificates
    Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, SubjectName, 0)

    If Certificates.Count > 0 Then
        For Each Certificate In Certificates
            'Certificate.Display() 'If you want to see the Cert in UI
            WScript.Echo "*** Subject " & Certificate.SubjectName & " ***"
            WScript.Echo "Issued by " & Certificate.IssuerName
            WScript.Echo "Valid from " & Certificate.ValidFromDate & " to " & Certificate.ValidToDate
            WScript.Echo "Days to expiry " & DateDiff("d", Now(), Certificate.ValidToDate)
            WScript.Echo
        Next
    Else
        WScript.Echo "No certificates with SubjectName => '" & SubjectName & "'"
    End If

    Set Certificates = Nothing
    Set Store = Nothing

    'Show usage and exit with a non-zero code when no subject name is given
    Sub CommandUsage
        MsgBox "Usage: CertExpiryCheck.vbs [SubjectName] ", vbInformation, "CertExpiryCheck"
        WScript.Quit(1)
    End Sub
Just keep in mind that you need capicom.dll to use this script. It comes by default on Windows 2003 (I guess) but might need to be downloaded and registered on other platforms like Vista. Run regsvr32 capicom.dll to register it before using the script.
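The same check can be done without the capicom.dll dependency through .NET's X509Store. The following is an added example, not part of the original script: it goes one step further by flagging certificates inside a renewal window and returning a non-zero exit code, so a scheduled task can alert on it. The class name, the `WarnDays` argument and the 30-day default are assumptions made for this illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

public static class CertExpiryCheck
{
    // Whole days from 'now' until NotAfter (negative once the certificate has expired).
    public static int DaysToExpiry(X509Certificate2 cert, DateTime now)
    {
        return (int)Math.Floor((cert.NotAfter - now).TotalDays);
    }

    public static int Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("Usage: CertExpiryCheck.exe SubjectName [WarnDays]");
            return 2;
        }
        int warnDays = args.Length > 1 ? int.Parse(args[1]) : 30; // assumed default threshold
        int exitCode = 0;

        // Same store as the VBScript: LocalMachine\My, opened read-only.
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false: expired and self-issued certificates must be listed too.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, args[0], false);

            foreach (X509Certificate2 cert in found)
            {
                int days = DaysToExpiry(cert, DateTime.Now); // NotAfter is local time
                string state = days < 0 ? "EXPIRED" : (days <= warnDays ? "RENEW" : "OK");
                if (state != "OK") exitCode = 1;
                Console.WriteLine("{0,-7} {1,5} days  {2}", state, days, cert.Subject);
                Console.WriteLine("        issuer: {0}  thumbprint: {1}", cert.Issuer, cert.Thumbprint);
            }
            if (found.Count == 0)
                Console.WriteLine("No certificates with SubjectName => '{0}'", args[0]);
        }
        finally
        {
            store.Close();
        }
        return exitCode; // 0 = all OK, 1 = at least one certificate expired or due for renewal
    }
}
```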
I had written a sample to redirect all http traffic to https (secure) in September 2006: http://www.awesomeideas.net/post/2006/09/03/Redirecting-from-http-to-https-in-IIS7.aspx
In one of our internal discussion aliases the question came up that this method does not work when SSL is forced on the website. Step 5 below handles that scenario by checking for the "403.4 SSL required" response and handling it during the OnEndRequest event.
So let us get into action (I'm using C# for this sample).
- Download and Install IIS7 Managed Module Starter Kit
(Not really a requirement but it would make developing IIS7 modules easier)
- Rename the default class name created to "redir.cs" and rename project/solution/namespace to "http2https"
- Add the following code in "Init" method
    // register for the BeginRequest and EndRequest events
    application.BeginRequest += new EventHandler(OnBeginRequest);
    application.EndRequest += new EventHandler(OnEndRequest);
- Add the following method to implement the "BeginRequest" event
    //BeginRequest implementation
    public void OnBeginRequest(Object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        string HttpUrl = app.Request.Url.ToString();
        if (HttpUrl.StartsWith("http:")) //Redirection done only if URL starts with http:
        {
            //Swap only the leading scheme; Replace() would also rewrite any "http:" inside the query string
            HttpUrl = "https:" + HttpUrl.Substring("http:".Length);
            app.Response.Redirect(HttpUrl, true); //Redirecting (http 302) to the same URL but with https
            app.Response.End(); //We don't want to go any further so end
        }
    }
- Add the following method to implement the "OnEndRequest" event
    //This is for the scenario where SSL is forced on the site
    public void OnEndRequest(Object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        //403.4 = "SSL required": the request arrived over http on a site that forces SSL
        if (app.Response.StatusCode == 403 && app.Response.SubStatusCode == 4)
        {
            string HttpUrl = app.Request.Url.ToString();
            if (HttpUrl.StartsWith("http:"))
            {
                //Swap only the leading scheme, not every "http:" in the URL
                HttpUrl = "https:" + HttpUrl.Substring("http:".Length);
                app.Response.Redirect(HttpUrl, true);
                app.Response.End();
            }
        }
    }
- Make sure you have the following in your web.config inside the configuration tag
    <system.webServer>
      <modules>
        <add name="redir" type="http2https.redir" />
      </modules>
    </system.webServer>
Your http to https redirection sample is ready and also works if you force SSL!!!
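A redirect like the one in these handlers should change only the scheme of the request URL: a string-wide replace of "http:" also rewrites any URL carried in the query string, and a port carried over from the http binding does not match the https binding. The following is an added example, not part of the original sample; the class and method names and the example.test URLs are constructed for illustration.

```csharp
using System;

public static class SchemeUpgrade
{
    // String-wide replace: touches every "http:" in the URL, not just the scheme.
    public static string NaiveReplace(string url)
    {
        return url.Replace("http:", "https:");
    }

    // Changes only the scheme and maps the port to the HTTPS binding.
    public static string ToHttps(Uri requestUrl, int httpsPort)
    {
        if (requestUrl.Scheme != Uri.UriSchemeHttp)
            return requestUrl.AbsoluteUri; // already https: leave untouched

        UriBuilder builder = new UriBuilder(requestUrl);
        builder.Scheme = Uri.UriSchemeHttps;
        // UriBuilder keeps the original port, so http://host/ would otherwise
        // become https://host:80/. -1 means "default port for the scheme".
        builder.Port = (httpsPort == 443) ? -1 : httpsPort;
        return builder.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        // Constructed sample URLs.
        string[] samples =
        {
            "http://example.test/login?returnUrl=http://example.test/home",
            "http://example.test:8080/app/",
            "https://example.test/already-secure"
        };

        foreach (string s in samples)
        {
            Console.WriteLine("in     : " + s);
            Console.WriteLine("naive  : " + NaiveReplace(s));
            Console.WriteLine("scheme : " + ToHttps(new Uri(s), 443));
            Console.WriteLine();
        }
    }
}
```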
How to deploy the HttpModule
There are multiple ways you can deploy this component (I'm assuming that it's being deployed for "default website").
Method 1
Create a folder called "App_Code" inside "%systemdrive%\inetpub\wwwroot"
Copy the "redir.cs" file into the "App_Code" folder
Copy the "web.config" file into "%systemdrive%\inetpub\wwwroot"
Method 2
Create a folder called "bin" inside "%systemdrive%\inetpub\wwwroot"
Compile "redir.cs" into "redir.dll" and copy it into the "bin" folder (to compile -> csc.exe /out:redir.dll /target:library redir.cs)
Copy the "web.config" file into "%systemdrive%\inetpub\wwwroot"
If you open the IIS7 UI and go to Modules, you can see your HttpModule listed there.
Source code @ http://www.awesomeideas.net/page/IIS7-http2https.aspx