locked
How to export all certificates expiring with templates RRS feed

  • Question

  • Hi, 

    i need some assistance im trying to export all certificates expiring from a PKI solution and i want the command to run for each certificate template. 

    so far i can export the certificates by adding all the certificate templates in the power shell script but i want this to be an external csv file that i can call on and loop the code for each template in the csv. 

    im using the below command to get the cert,

    certutil.exe –view –restrict "NotAfter>=$now,NotAfter<=$90days,Disposition=20,certificate template=$CA_Exchange" -out "request.submittedwhen,Request.RequestID,Request.RequesterName,Organization,EMail,NotBefore,NotAfter,CommonName,CertificateTemplate" > $exportCAFileName

    and i run this for each template, i only want this to be done so it looks at the csv and loops this for each template in the csv 

    Wednesday, November 7, 2018 11:35 AM

All replies

  • Start here:

    help import-csv -online.

    Look carefully at the examples to learn how to use a Csv with PowerShell.


    \_(ツ)_/

    Wednesday, November 7, 2018 11:39 AM
  • thanks that has sort of worked for getting the info in but it doesn't seem to query the correct information so i have the below.

    # Template csv file stored locally on C: Drive
    $CertTemplates = "C:\PKIReport\Templatecert.csv"
    $csvfile = Import-Csv $CertTemplates


    #Loop querying the csv file for each certificate template

    Foreach($Certificate in $csvfile)
    {
    $templatecert = $Certificate
    $templatecert2 = $Certificate.CertTemplate
    $templatename = $Certificate.Template_Name 
    certutil.exe –view –restrict "NotAfter>=$now,NotAfter<=$90days,Disposition=20,certificate template=$templatecert2" -out "request.submittedwhen,Request.RequestID,Request.RequesterName,Organization,EMail,NotBefore,NotAfter,CommonName,CertificateTemplate" |
    Out-File C:\PKIReport\expiringcerts.csv

    }

    and i believe it will have something to with this part of the code which determines the template to use certificate template=$templatecert2 

    but if i remove that line it runs and provides information but not the information i want it to query from the

    Wednesday, November 7, 2018 3:00 PM
  • First post your code correctly using the code posting tool provided.  As posted it is unreadable.


    \_(ツ)_/

    Wednesday, November 7, 2018 3:13 PM
  • Do not use quotes around the columnlist.  You dates are in the wrong format.


    \_(ツ)_/


    • Edited by jrv Wednesday, November 7, 2018 3:28 PM
    Wednesday, November 7, 2018 3:28 PM
  • Hi Joe,

    Let's see if I understand what you want. You want separate lists of certificates based on templates, right?

    Certutil -View -Restrict CertificateTemplate responds to the Certificate Template OID rather than the template name (exception, schema version 1 templates have no OID and the name is taken for those). So you may need to resolve the template from name to OID before doing your query.

    That said, you may find it more convenient to work around by first exporting all of your certificates to CSV and then using powershell to sort them out. The command to export certificates to csv is certutil -view csv. Since Certutil does in fact return the Template Friendly Name, you can use the CSV parsing options to sort them out.

    Kind Regards,

    Friday, November 9, 2018 9:17 AM

  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, November 9, 2018 9:33 AM
  • Hi,

    Was your issue resolved? 

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.


    Best Regards,
    Frank

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, November 13, 2018 9:21 AM