使用下面的 PowerShell 脚本,如何检查 SSL 证书的有效性?

Using PowerShell script below, how to check the SSL certificate validity?

我需要修改下面的脚本,这样我就可以获取 AD 服务器列表,然后检查服务器中的任何 SSL 证书是否有效。

注意:服务器可能会也可能不会运行 IIS,这就是我不确定如何正确执行的原因。

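# Collect the host names of the enabled computer accounts under the Servers OU.
# Get-ADComputer returns ADComputer objects, while the scan takes [string[]],
# so only the Name property is kept.
# param() has to be the first statement of a script file, so this assignment
# cannot sit above a param() block in the same file; run it separately or
# pipe its result into the script.
$ComputerName = (Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com").Name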
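<#
.SYNOPSIS
Reports the TLS certificate presented by each host passed in ComputerName.

.DESCRIPTION
Requests https://<name>:<TCPPort>/ on every host and emits one object per host
with the subject, thumbprint, issuer, serial number and validity dates of the
certificate the server presented.

Certificate validation is switched off while the scan runs so that expired,
self-signed or name-mismatched certificates can still be read. The output
therefore says nothing about trust or host-name match; compare Expires with
Get-Date to find expired or soon-to-expire certificates.

NOTE(review): relies on HttpWebRequest filling ServicePoint.Certificate, which
is Windows PowerShell (.NET Framework) behaviour; confirm before running it on
PowerShell 7.

.PARAMETER ComputerName
One or more host names; accepted from the pipeline.

.PARAMETER TCPPort
TCP port to connect to on every host. Defaults to 443.

.PARAMETER Timeoutms
Request timeout in milliseconds. Defaults to 3000.

.OUTPUTS
PSCustomObject with ComputerName, Port, Subject, Thumbprint, Issuer,
SerialNumber, Issued and Expires.
#>
[CmdletBinding()]
param(
    [parameter(Mandatory, ValueFromPipeline)][string[]]$ComputerName,
    [int]$TCPPort = 443,
    [int]$Timeoutms = 3000
)

process {
    # ServerCertificateValidationCallback is a static, process-wide setting.
    # Remember the current value and put it back afterwards, otherwise every
    # later HTTPS request in this session would accept any certificate.
    $previousCallback = [Net.ServicePointManager]::ServerCertificateValidationCallback
    try {
        [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

        foreach ($computer in $ComputerName) {
            $port = $TCPPort
            Write-Verbose "$computer`: Connecting on port $port"
            $req = [Net.HttpWebRequest]::Create("https://$computer`:$port/")
            $req.Timeout = $Timeoutms

            $response = $null
            try {
                $response = $req.GetResponse()
            } catch {
                # PowerShell wraps the .NET exception; the WebException is the inner one.
                $webError = $_.Exception.InnerException -as [Net.WebException]
                if ($webError -and $webError.Status -eq [Net.WebExceptionStatus]::ProtocolError) {
                    # The server answered with an HTTP error (401, 404, 500, ...), so the
                    # TLS handshake completed and a certificate was presented. Hosts that
                    # do not serve a page at "/" fall into this case.
                    $response = $webError.Response
                } else {
                    Write-Error "Couldn't connect to $computer on port $port"
                    continue
                }
            } finally {
                # Release the connection; only the certificate is of interest.
                if ($response) { $response.Close() }
            }

            if (!($req.ServicePoint.Certificate)) {
                Write-Error "No Certificate returned on $computer"
                continue
            }
            $certinfo = $req.ServicePoint.Certificate

            $returnobj = [ordered]@{
                ComputerName = $computer;
                Port         = $port;
                Subject      = $certinfo.Subject;
                Thumbprint   = $certinfo.GetCertHashString();
                Issuer       = $certinfo.Issuer;
                SerialNumber = $certinfo.GetSerialNumberString();
                Issued       = [DateTime]$certinfo.GetEffectiveDateString();
                Expires      = [DateTime]$certinfo.GetExpirationDateString();
            }

            New-Object PSCustomObject -Property $returnobj
        }
    } finally {
        [Net.ServicePointManager]::ServerCertificateValidationCallback = $previousCallback
    }
}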

我不确定您是否忘记在最前面加上函数声明,但以下应该是 PowerShell 中高级函数的正确格式。您还可以使用 Get-ADComputer 命令为参数 $ComputerName 提供默认值。试试看是否有效。

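function Get-ADComputerCert {
    <#
    .SYNOPSIS
    Reports the TLS certificate presented by each enabled server in the Production Servers OU.

    .DESCRIPTION
    Queries Active Directory for enabled computer accounts under
    "OU=Servers,OU=Production,DC=Domain,DC=com", requests https://<name>:<TCPPort>/
    on each one, and emits one object per host with the subject, thumbprint,
    issuer, serial number and validity dates of the certificate the server presented.

    Certificate validation is switched off while the scan runs so that expired,
    self-signed or name-mismatched certificates can still be read. The output
    therefore says nothing about trust or host-name match; compare Expires with
    Get-Date to find expired or soon-to-expire certificates.

    NOTE(review): relies on HttpWebRequest filling ServicePoint.Certificate, which
    is Windows PowerShell (.NET Framework) behaviour; confirm before running it on
    PowerShell 7.

    .PARAMETER TCPPort
    TCP port to connect to on every host. Defaults to 443.

    .PARAMETER Timeoutms
    Request timeout in milliseconds. Defaults to 3000.

    .OUTPUTS
    PSCustomObject with ComputerName, Port, Subject, Thumbprint, Issuer,
    SerialNumber, Issued and Expires.
    #>
    [CmdletBinding()]
    param(
        [int]$TCPPort = 443,
        [int]$Timeoutms = 3000
    )

    process {
        $ComputerName = (Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com").Name

        # ServerCertificateValidationCallback is a static, process-wide setting.
        # Remember the current value and put it back afterwards, otherwise every
        # later HTTPS request in this session would accept any certificate.
        $previousCallback = [Net.ServicePointManager]::ServerCertificateValidationCallback
        try {
            [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

            foreach ($computer in $ComputerName) {
                $port = $TCPPort
                Write-Verbose "$computer`: Connecting on port $port"
                $req = [Net.HttpWebRequest]::Create("https://$computer`:$port/")
                $req.Timeout = $Timeoutms

                $response = $null
                try {
                    $response = $req.GetResponse()
                } catch {
                    # PowerShell wraps the .NET exception; the WebException is the inner one.
                    $webError = $_.Exception.InnerException -as [Net.WebException]
                    if ($webError -and $webError.Status -eq [Net.WebExceptionStatus]::ProtocolError) {
                        # The server answered with an HTTP error (401, 404, 500, ...), so the
                        # TLS handshake completed and a certificate was presented. Hosts that
                        # do not serve a page at "/" fall into this case.
                        $response = $webError.Response
                    } else {
                        Write-Error "Couldn't connect to $computer on port $port"
                        continue
                    }
                } finally {
                    # Release the connection; only the certificate is of interest.
                    if ($response) { $response.Close() }
                }

                if (!($req.ServicePoint.Certificate)) {
                    Write-Error "No Certificate returned on $computer"
                    continue
                }
                $certinfo = $req.ServicePoint.Certificate

                $returnobj = [ordered]@{
                    ComputerName = $computer;
                    Port         = $port;
                    Subject      = $certinfo.Subject;
                    Thumbprint   = $certinfo.GetCertHashString();
                    Issuer       = $certinfo.Issuer;
                    SerialNumber = $certinfo.GetSerialNumberString();
                    Issued       = [DateTime]$certinfo.GetEffectiveDateString();
                    Expires      = [DateTime]$certinfo.GetExpirationDateString();
                }

                New-Object PSCustomObject -Property $returnobj
            }
        } finally {
            [Net.ServicePointManager]::ServerCertificateValidationCallback = $previousCallback
        }
    }
}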