How to check certificate expiry for webserver (IIS) certificates using a script
Although the title says webserver certificates, the script is not limited to webserver certificates.
This script is useful for admins who want to check the expiry dates of server certificates and be prepared to renew or change them. If you have ideas for using this in your server environment and need help tweaking the script, do let me know.
Copy and paste the script below into a file called "CertExpiryCheck.vbs" and run it from the command line like this:
C:\> cscript certexpirycheck.vbs [SubjectName]
C:\> cscript certexpirycheck.vbs sukak
* Here "sukak" is the subject name, which would usually be your domain name (FQDN).
* "Issued by" also shows "sukak" in my case, since the test was done using a self-issued certificate created with selfSSL.exe.
'**************************************************
'* CertExpiryCheck.vbs
'* Enumerate certificates with days left for expiry
'**************************************************
Option Explicit

Dim SubjectName
If WScript.Arguments.Count > 0 Then
    SubjectName = LCase(WScript.Arguments(0))
Else
    CommandUsage
End If

Dim Store, Certificates, Certificate
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0

'Open the local machine "MY" (Personal) store read-only
Set Store = CreateObject("CAPICOM.Store")
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY

'Find certificates whose subject name contains the given string
Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, SubjectName, 0)

If Certificates.Count > 0 Then
    For Each Certificate in Certificates
        'Certificate.display() 'If you want to see the Cert in UI
        WScript.Echo "*** Subject " & Certificate.SubjectName & " ***"
        WScript.Echo "Issued by " & Certificate.IssuerName
        WScript.Echo "Valid from " & Certificate.ValidFromDate & " to " & Certificate.ValidToDate
        WScript.Echo "Days to expiry " & DateDiff("d", Now(), Certificate.ValidToDate)
        WScript.Echo
    Next
Else
    WScript.Echo "No certificates with SubjectName => '" & SubjectName & "'"
End If

Set Certificates = Nothing
Set Store = Nothing

Sub CommandUsage
    MsgBox "Usage: CertExpiryCheck.vbs [SubjectName] ", vbInformation, "CertExpiryCheck"
    WScript.Quit(1)
End Sub
Just keep in mind that you need capicom.dll to use this script. It comes by default on Windows 2003 (I guess) but might need to be downloaded and registered on other platforms like Vista. Run regsvr32 capicom.dll to register it before using the script.
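
On servers that have PowerShell 3.0 or later, the same check can be done against the built-in Cert: drive without capicom.dll, and can return an exit code for a scheduled task to act on. The script below is an added example, not part of the original script; the file name CertExpiryCheck.ps1, the -WarnDays parameter and its 30-day default are assumptions chosen for illustration.

```powershell
# CertExpiryCheck.ps1 (hypothetical name) - added example, not the original script.
# Lists certificates in LocalMachine\My with days left to expiry.
# Usage: powershell -File CertExpiryCheck.ps1 -SubjectName sukak -WarnDays 30
param(
    [string]$SubjectName = '',   # substring of the subject; empty matches all
    [int]$WarnDays = 30          # assumed threshold for the EXPIRING status
)

$now = Get-Date

# Case-insensitive substring match, without wildcard interpretation
$certs = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.Subject.IndexOf($SubjectName, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

if (-not $certs) {
    Write-Output "No certificates with SubjectName => '$SubjectName'"
    exit 1
}

$report = foreach ($cert in $certs) {
    # NotAfter is reported in local time, the same as Get-Date
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

    if ($daysLeft -lt 0) {
        $status = 'EXPIRED'
    } elseif ($daysLeft -le $WarnDays) {
        $status = 'EXPIRING'
    } else {
        $status = 'OK'
    }

    [pscustomobject]@{
        Subject   = $cert.Subject
        Issuer    = $cert.Issuer
        ValidFrom = $cert.NotBefore
        ValidTo   = $cert.NotAfter
        DaysLeft  = $daysLeft
        Status    = $status
    }
}

# Soonest expiry first
$report | Sort-Object DaysLeft | Format-Table -AutoSize

# Exit 2 if anything is expired or inside the warning window, 0 otherwise
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 2 }
exit 0
```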