Export Server Certificates to CSV and Email


We run large SharePoint environments that use a number of different certificates. Certificates expire over time, and admins sometimes leave old certificates on the servers, which causes confusion. To avoid this I wrote the script below to read the Personal and Trusted Root certificate stores on every server I need, save the result to a CSV, and send the CSV by email. The server list is not SharePoint-specific, so you can add as many servers as you need. I hope it saves others some time.

```powershell
Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue

# Sender address for the notification email
$from = "someone@domain.com"

# Send email function: uses the farm's outbound SMTP server configured in Central Administration
function SendMail($subject, $body, $file)
{
    try
    {
        # Getting SMTP server name from the Central Administration web application
        $caWebApp = (Get-SPWebApplication -IncludeCentralAdministration) | Where-Object { $_.IsAdministrationWebApplication -eq $true }
        $smtpServer = $caWebApp.OutboundMailServiceInstance.Server.Address

        # Creating SMTP client object
        $smtp = New-Object Net.Mail.SmtpClient($smtpServer)

        # Creating a Mail object with the CSV attached
        $message = New-Object System.Net.Mail.MailMessage
        $att = New-Object System.Net.Mail.Attachment($file)
        $message.Subject = $subject
        $message.Body = $body
        $message.Attachments.Add($att)
        $to = "someone@domain.com"
        $message.To.Add($to)
        $message.From = $from

        # Sending email
        $smtp.Send($message)
        $att.Dispose()
        Write-Host "Email has been Sent!"
    }
    catch [System.Exception]
    {
        Write-Host "Mail Sending Error:" $_.Exception.Message -ForegroundColor Red
    }
}

# Opens a LocalMachine store ("My" or "Root") on a remote computer read-only and returns its certificates.
# Remote store access goes through the target's Remote Registry service.
function Get-StoreCerts($computer, $storeName)
{
    $ro = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
    $lm = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\$storeName", $lm)
    $store.Open($ro)
    $certs = $store.Certificates
    $store.Close()
    $certs
}

# Personal store
function Get-Cert($computer)     { Get-StoreCerts $computer "My" }
# Trusted Root Certification Authorities store
function Get-RootCert($computer) { Get-StoreCerts $computer "Root" }

# Builds one CSV row per certificate
function New-CertRow($Server, $Cert)
{
    $DB = New-Object PSObject
    Add-Member -InputObject $DB NoteProperty 'ComputerName'   $Server
    Add-Member -InputObject $DB NoteProperty 'FriendlyName'   $Cert.FriendlyName
    # DnsNameList is a collection; join the names so Export-Csv writes them instead of the type name
    Add-Member -InputObject $DB NoteProperty 'DnsNameList'    (($Cert.DnsNameList | ForEach-Object { $_.Unicode }) -join ';')
    Add-Member -InputObject $DB NoteProperty 'ExpirationDate' $Cert.NotAfter
    Add-Member -InputObject $DB NoteProperty 'IssueDate'      $Cert.NotBefore
    Add-Member -InputObject $DB NoteProperty 'Thumbprint'     $Cert.Thumbprint
    Add-Member -InputObject $DB NoteProperty 'Issuer'         $Cert.Issuer
    Add-Member -InputObject $DB NoteProperty 'Subject'        $Cert.Subject
    Add-Member -InputObject $DB NoteProperty 'SerialNumber'   $Cert.SerialNumber
    $DB
}

$Servers = @("Server1", "Server2")
$datestring = (Get-Date).ToString("s").Replace(":", "-")
$file = "E:\temp\Certificates-$env:COMPUTERNAME$datestring.csv"
$Databases = @()

foreach ($Server in $Servers)
{
    # Personal store
    foreach ($Cert in (Get-Cert $Server))
    {
        $Databases += New-CertRow $Server $Cert
    }
    # Trusted Root store
    foreach ($Cert in (Get-RootCert $Server))
    {
        $Databases += New-CertRow $Server $Cert
    }
}

# $Databases | Out-GridView
$Databases | Sort-Object FriendlyName | Export-Csv -Path $file -NoTypeInformation -Append -Force
SendMail "Farm Certificates" "Server Certificates" $file
```
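The CSV this script produces is most useful when something reads it back: which certificates are already expired or about to expire, and which ones appeared or disappeared on a server since the last run. The following is an added example, not part of the original script; it works on rows shaped like the script's CSV (ComputerName, Thumbprint, Subject, Issuer, ExpirationDate), and the sample rows and thumbprints are constructed placeholders.

```powershell
# Added example: flag expired/expiring certificates in the script's CSV rows and report
# drift between two inventory runs. Column names match the script's Export-Csv output;
# the sample rows below are constructed, not real exports.
function Get-CertificateStatus {
    param([object[]]$Rows, [int]$WarnDays = 30, [datetime]$Now = (Get-Date))
    foreach ($r in $Rows) {
        $exp  = [datetime]$r.ExpirationDate      # assumes a date string [datetime] can parse
        $left = [int][math]::Floor(($exp - $Now).TotalDays)
        $status = if ($exp -lt $Now)          { 'Expired' }
                  elseif ($left -le $WarnDays) { 'ExpiringSoon' }
                  else                         { 'Valid' }
        $r | Select-Object *,
            @{ n = 'DaysLeft';   e = { $left } },
            @{ n = 'Status';     e = { $status } },
            @{ n = 'SelfSigned'; e = { $r.Subject -eq $r.Issuer } }   # root CAs are self-signed by design
    }
}

# One row per server and thumbprint: the same certificate on two servers is two entries
function Get-RowKey($r) { "$($r.ComputerName)|$($r.Thumbprint)" }

# Certificates that appeared or disappeared since the previous export. A new entry in a
# server's Root store deserves a look, because it widens what that server trusts.
function Compare-CertificateInventory {
    param([object[]]$Previous, [object[]]$Current)
    $old = @($Previous | ForEach-Object { Get-RowKey $_ })
    $new = @($Current  | ForEach-Object { Get-RowKey $_ })
    [pscustomobject]@{
        Added   = @($Current  | Where-Object { (Get-RowKey $_) -notin $old })
        Removed = @($Previous | Where-Object { (Get-RowKey $_) -notin $new })
    }
}

# Constructed sample rows standing in for two exports (Import-Csv on the real files gives the same shape)
$previous = @'
ComputerName,Thumbprint,Subject,Issuer,ExpirationDate
Server1,PLACEHOLDER01,CN=portal.contoso.local,CN=Contoso Issuing CA,2026-01-15
Server1,PLACEHOLDER02,CN=old.contoso.local,CN=Contoso Issuing CA,2020-03-01
'@ | ConvertFrom-Csv
$current = @'
ComputerName,Thumbprint,Subject,Issuer,ExpirationDate
Server1,PLACEHOLDER01,CN=portal.contoso.local,CN=Contoso Issuing CA,2026-01-15
Server1,PLACEHOLDER03,CN=Unknown Root,CN=Unknown Root,2035-06-20
'@ | ConvertFrom-Csv

$now = Get-Date '2025-12-20'      # fixed "now" so the sample output is reproducible
Get-CertificateStatus -Rows $current -WarnDays 30 -Now $now |
    Format-Table ComputerName, Subject, Status, DaysLeft, SelfSigned -AutoSize | Out-Host
$drift = Compare-CertificateInventory -Previous $previous -Current $current
$drift.Added   | ForEach-Object { "ADDED   $($_.ComputerName) $($_.Subject) (issuer: $($_.Issuer))" }
$drift.Removed | ForEach-Object { "REMOVED $($_.ComputerName) $($_.Subject)" }
```

With the sample rows, the portal certificate is reported as ExpiringSoon, the self-signed "Unknown Root" entry shows up under ADDED, and the long-expired certificate that was cleaned up shows up under REMOVED.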

The script is also available at https://gallery.technet.microsoft.com/Export-Server-Certificates-eba16e6e