We have large SharePoint environments where we use different certificates. Certificates expire over time, and sometimes admins leave old certificates on the servers, which causes confusion. To avoid this, I wrote the script below to check the Root and Personal certificate stores of all the servers I need and save the result to a CSV file. I have not made the server list SharePoint-specific, so you can add as many servers as you need. The script also sends the CSV by email. I hope it saves time for others.
# Load the SharePoint snap-in; SendMail needs it for Get-SPWebApplication.
# Errors are suppressed on purpose so an already-loaded snap-in does not abort the run.
Add-PSSnapin -Name 'Microsoft.SharePoint.PowerShell' -ErrorAction SilentlyContinue

# Sender address of the report mail (read by SendMail).
$from = 'someone@domain.com'
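#######################################
# Sends the CSV report by e-mail through the farm's outbound SMTP relay.
# The SMTP host is read from the Central Administration web application
# (OutboundMailServiceInstance), so the SharePoint snap-in must be loaded.
# Globals:   $from (sender address, read)
# Arguments: $subject - mail subject
#            $body    - mail body text
#            $file    - path of the attachment (the CSV report)
#            $to      - recipient address; defaults to the value the original hard-coded
# Outputs:   status line on the host; failures are reported, not thrown (best effort)
#######################################
function SendMail($subject, $body, $file, $to = 'someone@domain.com')
{
    $message = $null
    try
    {
        # Resolve the outbound SMTP host from Central Administration.
        $caWebApp = Get-SPWebApplication -IncludeCentralAdministration |
            Where-Object { $_.IsAdministrationWebApplication -eq $true }
        $smtpServer = $caWebApp.OutboundMailServiceInstance.Server.Address
        if (-not $smtpServer)
        {
            # Without this check a null host only surfaces as an obscure Send() error.
            throw 'Outbound SMTP server could not be read from Central Administration (is the SharePoint snap-in loaded?).'
        }
        # Plain SMTP relay as in the original; set $smtp.EnableSsl = $true if the relay offers STARTTLS.
        $smtp = New-Object System.Net.Mail.SmtpClient($smtpServer)

        $message = New-Object System.Net.Mail.MailMessage
        $message.From = $from
        $message.To.Add($to)
        $message.Subject = $subject
        $message.Body = $body
        # The attachment keeps $file open until it is disposed (see finally).
        $message.Attachments.Add((New-Object System.Net.Mail.Attachment($file)))

        $smtp.Send($message)
        Write-Host 'Email has been Sent!'
    }
    catch [System.Exception]
    {
        Write-Host 'Mail Sending Error:' $_.Exception.Message -ForegroundColor Red
    }
    finally
    {
        # Disposing the message also disposes its attachments and releases the CSV file handle,
        # which the original never did.
        if ($message) { $message.Dispose() }
    }
}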
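#######################################
# Returns the certificates in the LocalMachine\My (Personal) store of a computer.
# The store is addressed as \\computer\My, i.e. it is opened remotely; presumably this
# needs the remote registry service and administrative rights on the target - verify.
# Arguments: $computer - NetBIOS/DNS name of the server
# Outputs:   X509Certificate2 objects (public certificate data only; private keys are not read)
#######################################
function Get-Cert($computer)
{
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\My", $location)
    try
    {
        # ReadOnly: this script only inventories certificates and must never modify a store.
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        # Materialise the collection before the store is closed.
        @($store.Certificates)
    }
    finally
    {
        # The original never closed the store; Close() releases the store handle.
        $store.Close()
    }
}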
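#######################################
# Returns the certificates in the LocalMachine\Root (Trusted Root CAs) store of a computer.
# Stale or unexpected entries here are trust anchors for the whole machine, so this store
# is worth reviewing with extra care. The store is addressed as \\computer\root, i.e. it is
# opened remotely; presumably this needs the remote registry service and administrative
# rights on the target - verify.
# Arguments: $computer - NetBIOS/DNS name of the server
# Outputs:   X509Certificate2 objects (public certificate data only; private keys are not read)
#######################################
function Get-RootCert($computer)
{
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\root", $location)
    try
    {
        # ReadOnly: this script only inventories certificates and must never modify a store.
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        # Materialise the collection before the store is closed.
        @($store.Certificates)
    }
    finally
    {
        # The original never closed the store; Close() releases the store handle.
        $store.Close()
    }
}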
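# Servers whose certificate stores are inventoried; not SharePoint-specific, add as many as needed.
$Servers = @('Server1', 'Server2')

# Sortable timestamp ("s" = yyyy-MM-ddTHH:mm:ss); ':' is not allowed in Windows file names.
$datestring = (Get-Date).ToString('s').Replace(':', '-')

# Output CSV, one file per run. The original had a non-ASCII en dash before the timestamp
# (most likely a copy/paste artifact); a plain hyphen keeps the file name ASCII-only.
$file = "E:\temp\Certificates-$env:COMPUTERNAME-$datestring.csv"

# Export-Csv does not create missing directories, so make sure the target folder exists.
$outDir = Split-Path -Parent $file
if (-not (Test-Path -LiteralPath $outDir))
{
    New-Item -ItemType Directory -Path $outDir | Out-Null
}

# Collected certificate records (one row per certificate per server).
$Databases = @()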
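#######################################
# Flattens one certificate into a record with the CSV columns of the report.
# Only public certificate attributes are read; private keys are never touched.
# Arguments: $Server - name of the server the certificate was read from
#            $Cert   - an X509Certificate2 object
# Outputs:   one PSObject whose properties are in the original report's column order
#######################################
function ConvertTo-CertRecord($Server, $Cert)
{
    # DnsNameList is a collection (PowerShell's extended property on X509Certificate2);
    # the original exported it as-is, which leaves only a type name in the CSV cell.
    # Joining the entries gives a readable list; an absent property yields an empty cell.
    $dnsNames = @($Cert.DnsNameList) -join ';'
    $record = New-Object PSObject -Property @{
        ComputerName   = $Server
        FriendlyName   = $Cert.FriendlyName
        DnsNameList    = $dnsNames
        ExpirationDate = $Cert.NotAfter
        IssueDate      = $Cert.NotBefore
        Thumbprint     = $Cert.Thumbprint
        Issuer         = $Cert.Issuer
        Subject        = $Cert.Subject
        SerialNumber   = $Cert.SerialNumber
    }
    # Hashtable property order is not guaranteed, so pin the column order explicitly.
    $record | Select-Object ComputerName, FriendlyName, DnsNameList, ExpirationDate, IssueDate, Thumbprint, Issuer, Subject, SerialNumber
}

# Collect the Personal (My) and Trusted Root stores of every server. Building the array
# from the loop output replaces the quadratic `$Databases += $DB` of the original; the
# unused $Version variable is dropped.
$Databases = @(
    foreach ($Server in $Servers)
    {
        foreach ($storeReader in @('Get-Cert', 'Get-RootCert'))
        {
            try
            {
                $certs = & $storeReader $Server
            }
            catch
            {
                # An unreachable server or access denied used to produce a red error and no
                # rows without any hint that the server is missing from the report.
                Write-Warning "Could not read certificates from '$Server' ($storeReader): $($_.Exception.Message)"
                continue
            }
            foreach ($Cert in $certs)
            {
                ConvertTo-CertRecord $Server $Cert
            }
        }
    }
)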
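# $Databases | Out-GridView
if (@($Databases).Count -eq 0)
{
    # Export-Csv writes nothing for empty input, and the mail would then fail on a missing
    # attachment; say so instead of sending an empty or failing report.
    Write-Warning 'No certificates were collected; nothing to export or mail.'
}
else
{
    # One timestamped file per run, so -Append only matters if the script runs twice in the same second.
    $Databases | Sort-Object FriendlyName | Export-Csv -Path $file -NoTypeInformation -Append -Force
    # Subject and body strings are kept exactly as in the original.
    SendMail 'Farm Sertificates' 'Server Certificates' $file
}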
Script is also available at
https://gallery.technet.microsoft.com/Export-Server-Certificates-eba16e6e