Reputation: 9802
I'm trying to find the most recent certificate in the Web Hosting certificate store for a given domain (e.g. www.example.com).
It's easy enough to find any number of matching certificates, but how can I find only the most recent one, ordered by expiration date (furthest into the future)?
My existing code is:
(Get-ChildItem -Path cert:\LocalMachine\WebHosting | Where-Object {$_.Subject -match "example.com"}).Thumbprint;
However, this sometimes returns two certificates, as the previous certificate (prior to a renewal) usually must be left in the certificate store for a short while.
Upvotes: 4
Views: 4005
Reputation: 11
Seems sorting by NotAfter will lead to issues when using Let's Encrypt while you still have a 1-year valid cert expiring after the Let's Encrypt cert.
Made it work by sorting with NotBefore... haven't tested much though.
Upvotes: 1
Reputation: 72612
You can try to sort them by the NotAfter property.
To have a look at all properties:
(Get-ChildItem -Path cert:\LocalMachine\WebHosting | Where-Object {$_.Subject -match "example.com"}) | fl *
To sort by the NotAfter property:
(Get-ChildItem -Path cert:\LocalMachine\ca | Where-Object {$_.Subject -match ".*microsoft.*"}) | Sort-Object -Property NotAfter -Descending
Upvotes: 6
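Added example, not part of the question or either answer above: one way to combine the two suggestions, keeping only certificates that are valid now, cover the host name and have a private key, then preferring the most recently issued one (NotBefore) with NotAfter as the tie-breaker. The function name, the helper and the sample objects are constructed for illustration; real store objects expose the same properties.

```powershell
function Select-NewestValidCertificate {
    param(
        [Parameter(Mandatory)] [object[]] $Certificate,
        [Parameter(Mandatory)] [string]   $DnsName,
        [datetime] $Now = (Get-Date)
    )
    # A wildcard certificate for the parent domain also covers $DnsName.
    $wildcard = '*.' + ($DnsName -split '\.', 2)[1]

    $Certificate |
        Where-Object {
            # Match on the DNS names in the certificate, not a regex over Subject.
            $names = @($_.DnsNameList | ForEach-Object { $_.Unicode })
            ($names -contains $DnsName -or $names -contains $wildcard) -and
            $_.HasPrivateKey -and                        # usable for a TLS binding
            $_.NotBefore -le $Now -and $_.NotAfter -gt $Now  # valid right now
        } |
        # Most recently issued first; NotAfter only breaks ties.
        Sort-Object -Property NotBefore, NotAfter -Descending |
        Select-Object -First 1
}

# Constructed sample objects standing in for store entries (assumption, not real certs).
function New-SampleCert($Thumbprint, $NotBefore, $NotAfter) {
    [pscustomobject]@{
        Thumbprint    = $Thumbprint
        DnsNameList   = @([pscustomobject]@{ Unicode = 'www.example.com' })
        HasPrivateKey = $true
        NotBefore     = [datetime]$NotBefore
        NotAfter      = [datetime]$NotAfter
    }
}
$sample = @(
    New-SampleCert 'EXPIRED-PLACEHOLDER'    '2023-01-01' '2024-01-01'
    New-SampleCert 'ONE-YEAR-PLACEHOLDER'   '2023-09-01' '2024-09-01'
    New-SampleCert 'NINETY-DAY-PLACEHOLDER' '2024-03-01' '2024-05-30'
)

# The one-year cert expires later, but the 90-day cert was issued more recently.
(Select-NewestValidCertificate -Certificate $sample -DnsName 'www.example.com' `
    -Now ([datetime]'2024-04-01')).Thumbprint

# Against the real store (run elevated on the web server):
# $certs = Get-ChildItem -Path Cert:\LocalMachine\WebHosting
# (Select-NewestValidCertificate -Certificate $certs -DnsName 'www.example.com').Thumbprint
```

Filtering on the validity window before sorting also keeps an expired or not-yet-valid certificate from being picked during a renewal overlap.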