Achraf Ben Alaya
No Result
View All Result
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • Exam Preparation
    • AZ-104
    • AZ-400
  • About
    • Resume
SUBSCRIBE
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • Exam Preparation
    • AZ-104
    • AZ-400
  • About
    • Resume
No Result
View All Result
Achraf Ben Alaya
No Result
View All Result
ADVERTISEMENT
Home Blog Cloud Azure

Generating report for SSL Certificates for Websites with PowerShell

achraf by achraf
April 10, 2022
in Azure, Blog, Cloud, Tricks, Tips and Fixes
3 min read
0
Generating report for SSL Certificates for Websites with PowerShell
0
SHARES
135
VIEWS
Share on FacebookShare on Twitter

One of the most common problems that our teams deal with is ensuring that SSL certificates are up-to update and working correctly for more than 350 websites.

Dealing with a lot of work, production and incidents will not allow us to analyze each website and verify it, and we must make sure all websites are up/secure and running and we do not want to have an accident caused by an expired certificate.

More than that, we have some websites under a private azure application gateway and others using public application gateways, we also have some websites Secured by WAF (Web Application Firewall) so we wanted to identify and organize that in an excel file that will contain all the info’s and we can share that with all the team members.

By that, we can have  a full view of all our websites, and we can prevent such accidents by having tasks that run daily and testing all the SSL endpoints that we have, and sending a report about The certification expiration info,
under Application Gateway or not (private or public), secured WAF or not … this info will not only help us to verify the SSL end day but also understand what we have in our environment, and if we have a problem we go directly there.

For that, I ended up writing this PowerShell script that will generate a csv file and we will test it on my website

param(
  [Parameter(Mandatory = $False, Position = 0, ValueFromPipeline = $false)]
  [System.Int32]
  $minimumCertAgeDays = 30
)

#get the list of links to scan
$NameList = get-content C:\ssl\SSLDEMO\urls.txt 
$Results = @()

#SSL variables
#$minimumCertAgeDays = 60
$timeoutMilliseconds = 15000
#disabling the cert validation check. This is what makes this whole thing work with invalid certs...
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }


foreach ($Name in $NameList) {
  $OutputObject = "" | Select-Object Type, OriginUrl, Name,Hostnames,Gateway, IPAddress, Status, SSLStartDAY, SSLENDDAY, SSENDINDAYS, StatusSSLMinAge, ErrorMessage 
  try {        
 
    $domain = ([System.URI]$Name).host.Trim()
    $dnsRecord = Resolve-DnsName $domain            
    $OutputObject.Name = $($dnsRecord.Name -join ',')
    $OutputObject.OriginUrl = $Name
    $OutputObject.Type = $($dnsRecord.Type -join ',')
    $OutputObject.IPAddress = ($dnsRecord.IPAddress -join ',')
    switch ($dnsRecord.IPAddress)
                        {                            
                            $ipGatewayOne
                            {
                               $OutputObject.Gateway = 'Gateway1'
                            }
                           
                            #Default state
                            Default
                            {
                                 $OutputObject.Gateway = ''
                            }
                        }     
    $OutputObject.Status = 'OK'     
    $OutputObject.ErrorMessage = ''    
    $OutputObject.Hostnames=($dnsRecord.NameHost -join ',')     
    #SSL STUFF
    Write-Host Checking $Name -f Green
    $req = [Net.HttpWebRequest]::Create($Name)
    $req.Timeout = $timeoutMilliseconds
    $req.AllowAutoRedirect = $true
    try {
      $req.GetResponse() | Out-Null
    } 
    catch {
             
      Write-Host Exception while checking URL $Name`: $_ -f Red
    }

    $certExpiresOnString = $req.ServicePoint.Certificate.GetExpirationDateString()
    #Write-Host "Certificate expires on (string): $certExpiresOnString"
    [datetime]$expiration = [System.DateTime]::Parse($req.ServicePoint.Certificate.GetExpirationDateString())
    #Write-Host "Certificate expires on (datetime): $expiration"
    [int]$certExpiresIn = ($expiration - $(get-date)).Days
    $certName = $req.ServicePoint.Certificate.GetName()
    $certPublicKeyString = $req.ServicePoint.Certificate.GetPublicKeyString()
    $certSerialNumber = $req.ServicePoint.Certificate.GetSerialNumberString()
    $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString()
    $certEffectiveDate = $req.ServicePoint.Certificate.GetEffectiveDateString()
    $certIssuer = $req.ServicePoint.Certificate.GetIssuerName()
    $OutputObject.SSLStartDAY = $certEffectiveDate 
    $OutputObject.SSLENDDAY = $expiration
    $OutputObject.SSENDINDAYS = $certExpiresIn 

    if ($certExpiresIn -gt $minimumCertAgeDays)
    {   
      Write-Host Cert for site $Name expires in $certExpiresIn days [on $expiration] -f Green  
      $OutputObject.StatusSSLMinAge = 'ok'    

    }
    else {
      
      Write-Host WARNING: Cert for site $Name expires in $certExpiresIn days [on $expiration] -f Red
      $OutputObject.StatusSSLMinAge = 'ko'    

    }


    #END SSL STUFF

  }  

  catch {      
    $OutputObject.Name = $Name       
    $OutputObject.IPAddress = ''       
    $OutputObject.Status = 'NOT_OK'     
    $OutputObject.ErrorMessage = $_.Exception.Message  
  }   

    $Results += $OutputObject
                
}
              
return $Results | Export-Csv C:\ssl\SSLDEMO\sslresultsnew.csv -NoTypeInformation

Results in Powershell :

Now I have tested this code with more than 400 URLs together.

All you have to do is to point to a text file that contains the URLs starting with: https://
Also, in the application gateway, we can manage the renewal of SSL certificate, and I will share a post about this asap.
I hope you enjoy this article

ShareTweet
Previous Post

Win a free certifications at the Microsoft spring skills challenge 🎁

Next Post

Resume Achraf ben Alaya French/English

Related Posts

Win free certifications at the Microsoft Build Cloud Skills Challenge | May 2022 🎁
Blog

Win free certifications at the Microsoft Build Cloud Skills Challenge | May 2022 🎁

May 28, 2022
36
Win a free certifications at the Microsoft spring skills challenge  🎁
Blog

Win a free certifications at the Microsoft spring skills challenge 🎁

March 20, 2022
309
My Trip to Turkey
Blog

My Trip to Turkey

February 5, 2022
187
Microsoft Ignite Cloud Skills Challenge November 2021 :  Learn…and get rewarded (only 3 days left)

Microsoft Ignite Cloud Skills Challenge November 2021 : Learn…and get rewarded (only 3 days left)

November 27, 2021
212
Tools I use with Database
Blog

Tools I use with Database

November 7, 2021
287
Configure postman / newman API tests in Azure DevOps

Configure postman / newman API tests in Azure DevOps

October 25, 2021
1.4k
Next Post
Win free certifications at the Microsoft Build Cloud Skills Challenge | May 2022 🎁

Win free certifications at the Microsoft Build Cloud Skills Challenge | May 2022 🎁

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Terraform

Certifications

Microsoft certified trainer (MCT)

Recommended

Deploy azure function from visual studio 2019

Deploy azure function from visual studio 2019

August 29, 2020
381
Run background tasks with WebJobs in Azure App Service

Run background tasks with WebJobs in Azure App Service

August 21, 2021
837
Welcome to Azure Resource Mover service

Welcome to Azure Resource Mover service

February 2, 2021
137
Access Microsoft Azure Courses On Pluralsight for Free

Access Microsoft Azure Courses On Pluralsight for Free

April 21, 2020
243
Configure Azure Web App Logging With .NET 5

Configure Azure Web App Logging With .NET 5

December 11, 2020
1.4k
My book collection for 2020-2021

My book collection for 2020-2021

December 28, 2020
304
Facebook Twitter LinkedIn Youtube
Win free certifications at the Microsoft Build Cloud Skills Challenge | May 2022 🎁

Win free certifications at the Microsoft Build Cloud Skills Challenge | May 2022 🎁

May 28, 2022
Generating report for SSL Certificates for Websites with PowerShell

Generating report for SSL Certificates for Websites with PowerShell

April 10, 2022
Win a free certifications at the Microsoft spring skills challenge  🎁

Win a free certifications at the Microsoft spring skills challenge 🎁

March 20, 2022

Categories

  • Apps (1)
  • Azure (35)
  • blazor (2)
  • Blog (59)
  • c# (6)
  • Cloud (34)
  • Dapr (4)
  • docker (2)
  • Games (1)
  • General Tips & Fix (1)
  • motivation (2)
  • Motivation (3)
  • News (9)
  • Resume (1)
  • sql (4)
  • Tricks, Tips and Fixes (3)
  • xamarin (5)
No Result
View All Result
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • Exam Preparation
    • AZ-104
    • AZ-400
  • About
    • Resume