Achraf Ben Alaya

Generating report for SSL Certificates for Websites with PowerShell

by achraf
April 10, 2022
in Azure, Blog, Cloud, Tricks, Tips and Fixes

One of the most common problems our teams deal with is ensuring that SSL certificates are up to date and working correctly for more than 350 websites.

With the daily workload, production work and incidents, we cannot analyze and verify each website by hand, yet we must make sure all websites are up, secure and running, and we do not want an incident caused by an expired certificate.

On top of that, some of our websites sit behind a private Azure Application Gateway and others behind public Application Gateways, and some are secured by a WAF (Web Application Firewall). We wanted to identify and organize all of that in an Excel file that contains all the information and that we can share with all team members.

That way, we have a full view of all our websites, and we can prevent such incidents with tasks that run daily, test all our SSL endpoints, and send a report covering the certificate expiration info, whether the site is behind an Application Gateway (private or public), and whether it is secured by a WAF. This information not only helps us verify the SSL end date but also helps us understand what we have in our environment, so that if there is a problem we can go straight to it.

For that, I ended up writing this PowerShell script, which generates a CSV file; we will test it on my website:

param(
  [Parameter(Mandatory = $False, Position = 0, ValueFromPipeline = $false)]
  [System.Int32]
  $minimumCertAgeDays = 30
)

#get the list of links to scan
$NameList = get-content C:\ssl\SSLDEMO\urls.txt 
$Results = @()

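#SSL variables
#$minimumCertAgeDays = 60
$timeoutMilliseconds = 15000
#IP address of the application gateway matched in the switch below (placeholder: set it to your gateway's IP)
$ipGatewayOne = '<gateway-1-ip>'
#disabling the cert validation check. This is what makes this whole thing work with invalid certs...
#note: the callback is static, so it applies to every later request made through ServicePointManager in this PowerShell session until it is reset to $null
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }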


foreach ($Name in $NameList) {
  $OutputObject = "" | Select-Object Type, OriginUrl, Name,Hostnames,Gateway, IPAddress, Status, SSLStartDAY, SSLENDDAY, SSENDINDAYS, StatusSSLMinAge, ErrorMessage 
  try {        
 
    $domain = ([System.URI]$Name).host.Trim()
    $dnsRecord = Resolve-DnsName $domain            
    $OutputObject.Name = $($dnsRecord.Name -join ',')
    $OutputObject.OriginUrl = $Name
    $OutputObject.Type = $($dnsRecord.Type -join ',')
    $OutputObject.IPAddress = ($dnsRecord.IPAddress -join ',')
    switch ($dnsRecord.IPAddress)
                        {                            
                            $ipGatewayOne
                            {
                               $OutputObject.Gateway = 'Gateway1'
                            }
                           
                            #Default state
                            Default
                            {
                                 $OutputObject.Gateway = ''
                            }
                        }     
    $OutputObject.Status = 'OK'     
    $OutputObject.ErrorMessage = ''    
    $OutputObject.Hostnames=($dnsRecord.NameHost -join ',')     
    #SSL STUFF
    Write-Host Checking $Name -f Green
    $req = [Net.HttpWebRequest]::Create($Name)
    $req.Timeout = $timeoutMilliseconds
    $req.AllowAutoRedirect = $true
    try {
      #close the response so the connection is released when scanning hundreds of URLs
      $resp = $req.GetResponse()
      $resp.Close()
    } 
    catch {
             
      Write-Host Exception while checking URL $Name`: $_ -f Red
    }

    $certExpiresOnString = $req.ServicePoint.Certificate.GetExpirationDateString()
    #Write-Host "Certificate expires on (string): $certExpiresOnString"
    [datetime]$expiration = [System.DateTime]::Parse($req.ServicePoint.Certificate.GetExpirationDateString())
    #Write-Host "Certificate expires on (datetime): $expiration"
    [int]$certExpiresIn = ($expiration - $(get-date)).Days
    $certName = $req.ServicePoint.Certificate.GetName()
    $certPublicKeyString = $req.ServicePoint.Certificate.GetPublicKeyString()
    $certSerialNumber = $req.ServicePoint.Certificate.GetSerialNumberString()
    $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString()
    $certEffectiveDate = $req.ServicePoint.Certificate.GetEffectiveDateString()
    $certIssuer = $req.ServicePoint.Certificate.GetIssuerName()
    $OutputObject.SSLStartDAY = $certEffectiveDate 
    $OutputObject.SSLENDDAY = $expiration
    $OutputObject.SSENDINDAYS = $certExpiresIn 

    if ($certExpiresIn -gt $minimumCertAgeDays)
    {   
      Write-Host Cert for site $Name expires in $certExpiresIn days [on $expiration] -f Green  
      $OutputObject.StatusSSLMinAge = 'ok'    

    }
    else {
      
      Write-Host WARNING: Cert for site $Name expires in $certExpiresIn days [on $expiration] -f Red
      $OutputObject.StatusSSLMinAge = 'ko'    

    }


    #END SSL STUFF

  }  

  catch {      
    $OutputObject.Name = $Name       
    $OutputObject.IPAddress = ''       
    $OutputObject.Status = 'NOT_OK'     
    $OutputObject.ErrorMessage = $_.Exception.Message  
  }   

    $Results += $OutputObject
                
}
              
return $Results | Export-Csv C:\ssl\SSLDEMO\sslresultsnew.csv -NoTypeInformation

Results in PowerShell:

Now I have tested this code with more than 400 URLs together.

All you have to do is point the script to a text file that contains the URLs, each starting with https://.
In the Application Gateway we can also manage the renewal of SSL certificates, and I will share a post about this as soon as possible.
I hope you enjoy this article.
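
A variant of the certificate check that does not turn off validation for the whole session, as an added example (not the author's script): it accepts any certificate on one `SslStream` only and records what validation reported, so the report can also flag untrusted or name-mismatched certificates. `Get-TlsCertificateReport` and the `ValidationErrors` column are names assumed here; it assumes PowerShell 5 or later and a .NET runtime whose default TLS versions the target servers accept.

```powershell
# Added example, not the post's script. Get-TlsCertificateReport is a hypothetical name.
function Get-TlsCertificateReport {
  param(
    [Parameter(Mandatory = $true)][string]$Url,
    [int]$MinimumCertAgeDays = 30,
    [int]$TimeoutMilliseconds = 15000
  )
  $uri   = [System.Uri]$Url
  $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }

  # Accept any certificate on THIS stream only, but remember what validation reported.
  $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
      param($source, $certificate, $chain, $policyErrors)
      $state.Errors = $policyErrors
      $true
    }.GetNewClosure())

  $tcp = [System.Net.Sockets.TcpClient]::new()
  try {
    if (-not $tcp.ConnectAsync($uri.Host, $uri.Port).Wait($TimeoutMilliseconds)) {
      throw "Timed out connecting to $($uri.Host):$($uri.Port)"
    }
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
    try {
      $ssl.AuthenticateAsClient($uri.Host)   # the host name is also sent as SNI
      $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
      $daysLeft = ($cert.NotAfter - (Get-Date)).Days
      [pscustomobject]@{
        OriginUrl        = $Url
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        SSLStartDAY      = $cert.NotBefore
        SSLENDDAY        = $cert.NotAfter
        SSENDINDAYS      = $daysLeft
        StatusSSLMinAge  = if ($daysLeft -gt $MinimumCertAgeDays) { 'ok' } else { 'ko' }
        # 'None' means the chain and host name validated; anything else is worth a look
        ValidationErrors = $state.Errors.ToString()
      }
    }
    finally { $ssl.Dispose() }
  }
  finally { $tcp.Dispose() }
}

# Usage with the same URL list as the script above
Get-Content C:\ssl\SSLDEMO\urls.txt | ForEach-Object { Get-TlsCertificateReport -Url $_ }
```

Connection failures surface as exceptions, so wrap the call in `try`/`catch` to record them as `NOT_OK` rows the way the original script does.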
