I need to make an expiring certificates report, but have an issue with replacing the Certificate Expiration Date OID inside the CSV exported from "certutil". The ForEach-Object command doesn't recognize the column and replaces the whole CSV, though I can filter Template using Where-Object.

$currdate = Get-Date
$date = (Get-Date).AddYears(2)
$template = "RDP|IIS"
$path = "C:\Temp\"
if (!(Test-Path $path)) {
    New-Item -ItemType Directory -Force -Path $path
}
certutil -view  -restrict Disposition=20 -out "Request.CommonName,NotAfter,CertificateTemplate" csv | Out-File $path\ExpiredCerts.csv 
Import-Csv $path\ExpiredCerts.csv | ForEach-Object {$_.'Certificate Template' -replace "^\d.* ",""} 
Import-Csv $path\ExpiredCerts.csv |Where-Object {$date -gt $_.'Certificate Expiration Date' -and $currdate -lt $_.'Certificate Expiration Date' -and $_.'Certificate Template' -match $template} | ConvertTo-Html -Head $Header | Out-File $path\ExpiredCerts.htm

CSV

"Request Common Name","Certificate Expiration Date","Certificate Template"
"*.piltover1.com","11/06/2022 13:08","1.3.6.1.4.1.311.21.8.9809061.13872499.9847428.7216726.9936658.242.11024705.6775621 IIS"
"*.piltover2.com","11/06/2022 13:08","1.3.6.1.4.1.311.21.8.9809061.13872499.9847428.7216726.9936658.242.11024705.6775621 IIS"
"*.piltover3.com","11/06/2022 13:08","1.3.6.1.4.1.311.21.8.9809061.13872499.9847428.7216726.9936658.242.11024705.6775621 IIS"

Final Result

$currdate = Get-Date
$date = (Get-Date).AddDays(30)
$template = "RDP|IIS"
$path = "C:\Temp\"
if (!(Test-Path $path)) {
    New-Item -ItemType Directory -Force -Path $path
}
certutil -view  -restrict Disposition=20 -out "Request.CommonName,NotAfter,CertificateTemplate" csv | Out-File $path\ExpiredCerts.csv
$data = Import-csv $path\ExpiredCerts.csv
foreach ($item in $data) {
    $item.'Certificate Template' = ($item.'Certificate Template' -split ' ')[-1]
}
$data | Where-Object {$date -gt $_.'Certificate Expiration Date' -and $currdate -lt $_.'Certificate Expiration Date' -and $_.'Certificate Template' -match $template} |
        ConvertTo-Html -Head $Header | Out-File ExpiredCerts.htm
  • 1
    Could you add an example of how the exported file looks, as plain text (just a few lines for testing) Commented Dec 20, 2021 at 13:49
  • @SantiagoSquarzon "Request Common Name","Certificate Expiration Date","Certificate Template" ".piltover.com","11/06/2022 13:08","1.3.6.1.4.1.311.21.8.9809061.13872499.9847428.7216726.9936658.242.11024705.6775621 IIS" ".piltover.com","11/06/2022 13:08","1.3.6.1.4.1.311.21.8.9809061.13872499.9847428.7216726.9936658.242.11024705.6775621 IIS" "*.piltover.com","11/06/2022 13:08","1.3.6.1.4.1.311.21.8.9809061.13872499.9847428.7216726.9936658.242.11024705.6775621 IIS" Commented Dec 20, 2021 at 14:05
  • 1
    Please edit your question and put the wanted extra info in there as formatted text. In a comment it becomes unreadable Commented Dec 20, 2021 at 14:08
  • 1
    @SantiagoSquarzon thank you, noted for the future. Commented Dec 20, 2021 at 14:32
  • 1
    @SantiagoSquarzon I've already made some changes, thank you. Commented Dec 20, 2021 at 14:34

1 Answer

You could do this to remove the OIDs from column 'Certificate Template' and, without the need for writing that data to file and re-importing it, create an HTML file from it.

This assumes you already have the raw data from certutil in a CSV file:

$data = Import-Csv -Path (Join-Path -Path $path -ChildPath 'ExpiredCerts.csv')
# remove OIDs in column 'Certificate Template'
foreach ($item in $data) {
    $item.'Certificate Template' = ($item.'Certificate Template' -split ' ')[-1]
}
# filter the data you need based on expiration date and template
$data | Where-Object {$date -gt (Get-Date $_.'Certificate Expiration Date') -and 
                      $currdate -lt (Get-Date $_.'Certificate Expiration Date') -and 
                      $_.'Certificate Template' -match $template} | 
        ConvertTo-Html -Head $Header | Set-Content (Join-Path -Path $path -ChildPath 'ExpiredCerts.htm')

P.S. I'm using Set-Content in favor of Out-File because we don't know what version of PowerShell you are using. In PS version 7.x, the default encoding for Out-File is utf8NoBOM, while in PS version 5.1 the default file encoding is unicode (= UTF16-LE) which is probably not what you want.

1 Comment

Thank you for the help, it does its job! I've made some changes to fit my code. Added final result to question.
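
The answer's OID stripping and date-window filter as a pipeline function, with the expiration date parsed in an explicit format so the comparison does not depend on the session culture. This is an added example, not code from the question or the answer; `Get-ExpiringCert`, its parameters, the `MM/dd/yyyy HH:mm` date layout and the sample rows are assumptions constructed for illustration.

```powershell
# Added example; Get-ExpiringCert and the sample rows are hypothetical.
function Get-ExpiringCert {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Row,
        [int]      $Days       = 30,
        [string]   $Template   = 'RDP|IIS',
        # Assumption: set this to match how your export renders NotAfter.
        [string]   $DateFormat = 'MM/dd/yyyy HH:mm',
        [datetime] $Now        = (Get-Date)
    )
    begin {
        $culture = [cultureinfo]::InvariantCulture
        $styles  = [System.Globalization.DateTimeStyles]::None
    }
    process {
        # Parse with an explicit format instead of relying on implicit string conversion.
        $notAfter = [datetime]::MinValue
        $text = $Row.'Certificate Expiration Date'
        if (-not [datetime]::TryParseExact($text, $DateFormat, $culture, $styles, [ref] $notAfter)) {
            Write-Warning "Skipping '$($Row.'Request Common Name')': unparsable date '$text'"
            return
        }
        # Keep the last space-separated token: drops the OID, leaves OID-less values as-is.
        $name = ($Row.'Certificate Template' -split ' ')[-1]
        if ($notAfter -gt $Now -and $notAfter -lt $Now.AddDays($Days) -and $name -match $Template) {
            [pscustomobject]@{
                'Request Common Name' = $Row.'Request Common Name'
                'Expires'             = $notAfter
                'Days Left'           = [math]::Floor(($notAfter - $Now).TotalDays)
                'Template'            = $name
            }
        }
    }
}

# Constructed sample in the column layout shown in the question (not real CA data).
$sampleCsv = @'
"Request Common Name","Certificate Expiration Date","Certificate Template"
"web1.example.test","01/15/2022 13:08","1.3.6.1.4.1.311.21.8.1.2.3 IIS"
"rdp1.example.test","06/11/2022 13:08","1.3.6.1.4.1.311.21.8.1.2.4 RDP"
"app1.example.test","01/10/2022 09:00","WebServer"
"bad1.example.test","not-a-date","1.3.6.1.4.1.311.21.8.1.2.3 IIS"
'@

# A fixed -Now keeps the run repeatable.
$sampleCsv | ConvertFrom-Csv |
    Get-ExpiringCert -Now ([datetime] '2022-01-01') |
    Sort-Object Expires
```

Rows whose date cannot be parsed are reported with a warning rather than silently dropped, so a format mismatch shows up instead of producing an empty report.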
