How to check certificate expiry for web server (IIS) certificates using a script
Although the title says web server certificates, the script is not limited to them: it works for any certificate in the local machine's personal ("MY") store.
This script is useful for admins to check expiry dates of server certificates and be prepared to renew or change them. If you plan to use this in your server environment and need help tweaking the script, do let me know.
Copy and paste the script below into a file called "CertExpiryCheck.vbs" and run it from the command line like this:
C:\> cscript certexpirycheck.vbs [SubjectName]
C:\> cscript certexpirycheck.vbs sukak
* Here "sukak" is the subject name, which would usually be your domain name (FQDN).
* "Issued by" also shows "sukak" in my case, since the test was done using a self-issued certificate created using selfSSL.exe.
'**************************************************
'* CertExpiryCheck.vbs
'* Enumerate certificates with days left for expiry
'**************************************************
Option Explicit

' The subject name to search for is the first command-line argument
Dim SubjectName
If WScript.Arguments.Count > 0 Then
    SubjectName = LCase(WScript.Arguments(0))
Else
    CommandUsage
End If

Dim Store, Certificates, Certificate
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0

' Open the local machine "MY" (personal) store read-only
Set Store = CreateObject("CAPICOM.Store")
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY

' Third argument 0 (False): include certificates that are no longer valid
Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, SubjectName, 0)

If Certificates.Count > 0 Then
    For Each Certificate In Certificates
        'Certificate.display() 'If you want to see the Cert in UI
        WScript.Echo "*** Subject " & Certificate.SubjectName & " ***"
        WScript.Echo "Issued by " & Certificate.IssuerName
        WScript.Echo "Valid from " & Certificate.ValidFromDate & " to " & Certificate.ValidToDate
        ' A negative value means the certificate has already expired
        WScript.Echo "Days to expiry " & DateDiff("d", Now(), Certificate.ValidToDate)
        WScript.Echo
    Next
Else
    WScript.Echo "No certificates with SubjectName => '" & SubjectName & "'"
End If

Set Certificates = Nothing
Set Store = Nothing

' Show usage and exit with a non-zero code when no subject name is given
Sub CommandUsage
    MsgBox "Usage: CertExpiryCheck.vbs [SubjectName] ", vbInformation, "CertExpiryCheck"
    WScript.Quit(1)
End Sub
Keep in mind that you need capicom.dll to use this script. It comes by default on Windows 2003 (I guess) but might need to be downloaded and registered on other platforms like Vista. Use regsvr32 capicom.dll to register it before using the script.
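The same check without the capicom.dll dependency, as an added PowerShell example (not the original author's script) that also flags certificates close to expiry and returns an exit code a scheduled task can act on. It assumes Windows with PowerShell 3.0 or later; the function name Get-CertExpiry and the parameters -WarnDays and -StorePath are hypothetical names chosen for this example.

```powershell
# Added example, not the original author's script.
# Get-CertExpiry, -WarnDays and -StorePath are hypothetical names chosen here.
function Get-CertExpiry {
    param(
        [Parameter(Mandatory = $true)][string]$SubjectName,
        [int]$WarnDays = 30,
        # Same store the VBScript opens: local machine, "MY"
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $now = Get-Date
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like "*$SubjectName*" } |
        ForEach-Object {
            # Whole days remaining; negative means the certificate has expired
            $days = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
            $status = 'OK'
            if ($days -lt 0) { $status = 'EXPIRED' }
            elseif ($days -le $WarnDays) { $status = 'WARN' }
            [pscustomobject]@{
                Subject      = $_.Subject
                Issuer       = $_.Issuer
                ValidFrom    = $_.NotBefore
                ValidTo      = $_.NotAfter
                DaysToExpiry = $days
                Status       = $status
                Thumbprint   = $_.Thumbprint
            }
        }
}

# "sukak" is the sample subject name used on this page.
$found = @(Get-CertExpiry -SubjectName 'sukak' -WarnDays 30)
if ($found.Count -eq 0) {
    Write-Output "No certificates with SubjectName => 'sukak'"
    exit 2
}
$found | Sort-Object DaysToExpiry |
    Format-Table Subject, ValidTo, DaysToExpiry, Status -AutoSize
# Non-zero exit code lets a scheduled task or monitoring agent raise an alert
if (@($found | Where-Object { $_.Status -ne 'OK' }).Count -gt 0) { exit 1 }
exit 0
```

The day count here is based on elapsed 24-hour periods, so it can differ by one from the VBScript's DateDiff("d", ...) result, which counts calendar-day boundaries.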