使用下面的PowerShell脚本,如何检查SSL证书的有效性?

高级系统工程师

我需要修改下面的脚本,以便获取AD服务器的列表,然后检查服务器中任何SSL证书的有效性。

注意:服务器可能会运行IIS,也可能无法运行IIS,这就是为什么我不确定如何正确执行它的原因。

$ComputerName = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com"
[CmdletBinding()]
param(
    [parameter(Mandatory, ValueFromPipeline)][string[]]$ComputerName,
    [int]$TCPPort = 443,
    [int]$Timeoutms = 3000
)

process {
    foreach ($computer in $computerName) {
        $port = $TCPPort
        write-verbose "$computer`: Connecting on port $port"
        [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
        $req = [Net.HttpWebRequest]::Create("https://$computer`:$port/")
        $req.Timeout = $Timeoutms
        try {$req.GetResponse() | Out-Null} catch {write-error "Couldn't connect to $computer on port $port"; continue}
        if (!($req.ServicePoint.Certificate)) {write-error "No Certificate returned on $computer"; continue}
        $certinfo = $req.ServicePoint.Certificate

        $returnobj = [ordered]@{
            ComputerName = $computer;
            Port         = $port;
            Subject      = $certinfo.Subject;
            Thumbprint   = $certinfo.GetCertHashString();
            Issuer       = $certinfo.Issuer;
            SerialNumber = $certinfo.GetSerialNumberString();
            Issued       = [DateTime]$certinfo.GetEffectiveDateString();
            Expires      = [DateTime]$certinfo.GetExpirationDateString();
        }

        new-object PSCustomObject -Property $returnobj
    }
}
彼得·凯

我不确定您是否忘记将函数实例化放在顶层,但以下内容应该是PowerShell中高级功能的正确格式。您还可以使用Get-ADComputer cmdlet为参数$ ComputerName提供默认值尝试一下,看看是否可行。

function Get-ADComputerCert {
    [CmdletBinding()]
    param(
        [int]$TCPPort = 443,
        [int]$Timeoutms = 3000
    )

    process {
        $ComputerName = (Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com").Name
        foreach ($computer in $computerName) {
            $port = $TCPPort
            write-verbose "$computer`: Connecting on port $port"
            [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
            $req = [Net.HttpWebRequest]::Create("https://$computer`:$port/")
            $req.Timeout = $Timeoutms
            try {$req.GetResponse() | Out-Null} catch {write-error "Couldn't connect to $computer on port $port"; continue}
            if (!($req.ServicePoint.Certificate)) {write-error "No Certificate returned on $computer"; continue}
            $certinfo = $req.ServicePoint.Certificate

            $returnobj = [ordered]@{
                ComputerName = $computer;
                Port         = $port;
                Subject      = $certinfo.Subject;
                Thumbprint   = $certinfo.GetCertHashString();
                Issuer       = $certinfo.Issuer;
                SerialNumber = $certinfo.GetSerialNumberString();
                Issued       = [DateTime]$certinfo.GetEffectiveDateString();
                Expires      = [DateTime]$certinfo.GetExpirationDateString();
            }

            new-object PSCustomObject -Property $returnobj
        }
    }
}

本文收集自互联网,转载请注明来源。

如有侵权,请联系 [email protected] 删除。

编辑于
0

我来说两句

0 条评论
登录 后参与评论

相关文章