certutil 转储 - 到期日期 p12 - powershell
certutil dump - expiration date p12 - powershell
我不是真正的程序员,但我正在尝试修复一个 Powershell 脚本,它可以帮助我从存档的 P12 证书中获取到期日期。
这是命令:
C:\>certutil.exe -dump c:\p_CERT.p12
Certificates: Not Encrypted
================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: 03g3
Issuer: CN=COMPANY MY CA v2, O=Company SL, C=GL
NotBefore: 2012-06-20 11:47
NotAfter: 2022-06-20 11:46
Subject: CN=COMPANY MY CA v2, O=Company SL, C=GL
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 1234124214214214214sdada122
---------------- End Nesting Level 1 ----------------
No key provider information
Cannot find the certificate and private key for decryption.
================ Certificate 1 ================
================ Begin Nesting Level 1 ================
Element 1:
Serial Number: 2100
Issuer: CN=COMPANY MY CA v2, O=Company SL, C=GL
NotBefore: 2018-12-07 08:48
NotAfter: 2020-12-07 08:48
Subject: CN=private_CERT + SERIALNUMBER=445566778899, O=OTHER_Company, C=GL
Non-root Certificate
Cert Hash(sha1): 1234423hhhshshhshsh444423232
---------------- End Nesting Level 1 ----------------
Key Container = PfxContainer
Provider = PfxProvider
Encryption test FAILED
CertUtil: -dump command completed successfully.
有趣的是第二个部分,对于 SERIALNUMBER,"NotAfter: 2020-12-07 08:48"
以此作为灵感来源 (https://gist.github.com/banterCZ/9bd6aa1ab49995fdf018),感谢 banterCZ,我尝试了以下方法。但它不起作用,因为结果不是字段 "NotAfter"。
有没有想过如何用脚本把这部分 "NotAfter: 2020-12-07 08:48" 出来?
########################################################
#
# Check certificates inside a p12 certificate file
#
########################################################
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[string]$location,
[Parameter(Mandatory=$True)]
[int]$threshold
)
[System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"
$certutil="certutil.exe"
$certificate = Invoke-Expression "$certutil -dump '$location'"
foreach($line in $certificate){
if($line.Contains("Element 1:")){
$index = $line.Substring(0,20)
write-host $index
$dateAsString = $line | Select-String -Pattern 'NotAfter' | foreach {$_.groups[""].value}
write-host $dateAsString
#$expirationDate = [datetime]::parseexact($dateAsString,"ddd MMM dd HH:mm:ss yyyy",$null)
break
}
}
$now = ([System.DateTime]::Now)
$daysToExpire = [int]($expirationDate - $now).TotalDays
if ($threshold -lt $daysToExpire) {
Write-Host "[OK] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
exit 0
} elseif ($daysToExpire -lt 0) {
Write-Host "[CRITICAL] Certificate $alias has already expired."
exit 2
} else {
Write-Host "[WARNING] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
exit 1
}
谢谢!
感谢好哥们J.I。这个脚本是固定的吗?
我希望它能帮助其他人。
它查找带有 SERIALNUMBER 的行,将后面的 1 行保存到一个变量等等。
########################################################
#
# Check certificates inside a p12 file
# J.I., banterCZ, trustbyte & Whosebug
#
########################################################
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[string]$location,
[Parameter(Mandatory=$True)]
[string]$certserial,
[Parameter(Mandatory=$True)]
[int]$warning,
[Parameter(Mandatory=$True)]
[int]$critical
)
[System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"
$certutil="certutil.exe"
$certificate = $(Invoke-Expression "$certutil -dump '$location'")
$row = [array]::IndexOf($certificate,$certificate -match "$certserial")
$notbefore = $certificate[$row-1]
$notbefore = $notbefore.ToString().Replace(" NotAfter: ","")
$now = (Get-Date).tostring("yyyy-MM-dd HH:mm")
$date1 = get-date $notbefore
$date2 = get-date $now
$daysToExpire = [int]($date1-$date2).TotalDays
if ($daysToExpire -lt $critical) {
Write-Host "[CRITICAL] Certificate '$location' expires in '$notbefore' ($daysToExpire day(s) remaining)."
exit 2
} elseif ($daysToExpire -lt $warning) {
Write-Host "[WARNING] Certificate '$location' expires in '$notbefore' ($daysToExpire day(s) remaining)."
exit 1
} else {
Write-Host "[OK] Certificate '$location' expires in '$notbefore' ($daysToExpire day(s) remaining)"
exit 0
}
我不是真正的程序员,但我正在尝试修复一个 Powershell 脚本,它可以帮助我从存档的 P12 证书中获取到期日期。
这是命令:
C:\>certutil.exe -dump c:\p_CERT.p12 Certificates: Not Encrypted ================ Certificate 0 ================ ================ Begin Nesting Level 1 ================ Element 0: Serial Number: 03g3 Issuer: CN=COMPANY MY CA v2, O=Company SL, C=GL NotBefore: 2012-06-20 11:47 NotAfter: 2022-06-20 11:46 Subject: CN=COMPANY MY CA v2, O=Company SL, C=GL Signature matches Public Key Root Certificate: Subject matches Issuer Cert Hash(sha1): 1234124214214214214sdada122 ---------------- End Nesting Level 1 ---------------- No key provider information Cannot find the certificate and private key for decryption. ================ Certificate 1 ================ ================ Begin Nesting Level 1 ================ Element 1: Serial Number: 2100 Issuer: CN=COMPANY MY CA v2, O=Company SL, C=GL NotBefore: 2018-12-07 08:48 NotAfter: 2020-12-07 08:48 Subject: CN=private_CERT + SERIALNUMBER=445566778899, O=OTHER_Company, C=GL Non-root Certificate Cert Hash(sha1): 1234423hhhshshhshsh444423232 ---------------- End Nesting Level 1 ---------------- Key Container = PfxContainer Provider = PfxProvider Encryption test FAILED CertUtil: -dump command completed successfully.
有趣的是第二个部分,对于 SERIALNUMBER,"NotAfter: 2020-12-07 08:48"
以此作为灵感来源 (https://gist.github.com/banterCZ/9bd6aa1ab49995fdf018),感谢 banterCZ,我尝试了以下方法。但它不起作用,因为结果不是字段 "NotAfter"。 有没有想过如何用脚本把这部分 "NotAfter: 2020-12-07 08:48" 出来?
########################################################
#
# Check certificates inside a p12 certificate file
#
########################################################
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[string]$location,
[Parameter(Mandatory=$True)]
[int]$threshold
)
[System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"
$certutil="certutil.exe"
$certificate = Invoke-Expression "$certutil -dump '$location'"
foreach($line in $certificate){
if($line.Contains("Element 1:")){
$index = $line.Substring(0,20)
write-host $index
$dateAsString = $line | Select-String -Pattern 'NotAfter' | foreach {$_.groups[""].value}
write-host $dateAsString
#$expirationDate = [datetime]::parseexact($dateAsString,"ddd MMM dd HH:mm:ss yyyy",$null)
break
}
}
$now = ([System.DateTime]::Now)
$daysToExpire = [int]($expirationDate - $now).TotalDays
if ($threshold -lt $daysToExpire) {
Write-Host "[OK] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
exit 0
} elseif ($daysToExpire -lt 0) {
Write-Host "[CRITICAL] Certificate $alias has already expired."
exit 2
} else {
Write-Host "[WARNING] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
exit 1
}
谢谢!
感谢好哥们J.I。这个脚本是固定的吗? 我希望它能帮助其他人。
它查找带有 SERIALNUMBER 的行,将后面的 1 行保存到一个变量等等。
########################################################
#
# Check certificates inside a p12 file
# J.I., banterCZ, trustbyte & Whosebug
#
########################################################
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[string]$location,
[Parameter(Mandatory=$True)]
[string]$certserial,
[Parameter(Mandatory=$True)]
[int]$warning,
[Parameter(Mandatory=$True)]
[int]$critical
)
[System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"
$certutil="certutil.exe"
$certificate = $(Invoke-Expression "$certutil -dump '$location'")
$row = [array]::IndexOf($certificate,$certificate -match "$certserial")
$notbefore = $certificate[$row-1]
$notbefore = $notbefore.ToString().Replace(" NotAfter: ","")
$now = (Get-Date).tostring("yyyy-MM-dd HH:mm")
$date1 = get-date $notbefore
$date2 = get-date $now
$daysToExpire = [int]($date1-$date2).TotalDays
if ($daysToExpire -lt $critical) {
Write-Host "[CRITICAL] Certificate '$location' expires in '$notbefore' ($daysToExpire day(s) remaining)."
exit 2
} elseif ($daysToExpire -lt $warning) {
Write-Host "[WARNING] Certificate '$location' expires in '$notbefore' ($daysToExpire day(s) remaining)."
exit 1
} else {
Write-Host "[OK] Certificate '$location' expires in '$notbefore' ($daysToExpire day(s) remaining)"
exit 0
}