I have tried using ntevl to check the Windows event logs for expired certificates which has some degree of success. Just wondering if anyone else has found a way to check for expiring/expired certificates please within UIM?
- UIM, any version
You can use certutil which is available for download from Microsoft:
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil
...\Program Files (x86)\Nimsoft\probes\service\nas\scripts>certutil /?
Verbs:
-dump -- Dump configuration information or files
-asn -- Parse ASN.1 file
-decodehex -- Decode hexadecimal-encoded file
-decode -- Decode Base64-encoded file
-encode -- Encode file to Base64
-deny -- Deny pending request
-resubmit -- Resubmit pending request
-setattributes -- Set attributes for pending request
-setextension -- Set extension for pending request
-revoke -- Revoke Certificate
-isvalid -- Display current certificate disposition
-getconfig -- Get default configuration string
-ping -- Ping Active Directory Certificate Services Request interface
-pingadmin -- Ping Active Directory Certificate Services Admin interface
-CAInfo -- Display CA Information
-ca.cert -- Retrieve the CA's certificate
-ca.chain -- Retrieve the CA's certificate chain
-GetCRL -- Get CRL
-CRL -- Publish new CRLs [or delta CRLs only]
-shutdown -- Shutdown Active Directory Certificate Services
-installCert -- Install Certification Authority certificate
-renewCert -- Renew Certification Authority certificate
-schema -- Dump Certificate Schema
-view -- Dump Certificate View
-db -- Dump Raw Database
-deleterow -- Delete server database row
-backup -- Backup Active Directory Certificate Services
-backupDB -- Backup Active Directory Certificate Services database
-backupKey -- Backup Active Directory Certificate Services certificate and private key
-restore -- Restore Active Directory Certificate Services
-restoreDB -- Restore Active Directory Certificate Services database
-restoreKey -- Restore Active Directory Certificate Services certificate and private key
-importPFX -- Import certificate and private key
-dynamicfilelist -- Display dynamic file List
-databaselocations -- Display database locations
-hashfile -- Generate and display cryptographic hash over a file
-store -- Dump certificate store
-addstore -- Add certificate to store
-delstore -- Delete certificate from store
-verifystore -- Verify certificate in store
-repairstore -- Repair key association or update certificate properties or key security descriptor
-viewstore -- Dump certificate store
-viewdelstore -- Delete certificate from store
-UI -- Certificate Trust List:
-attest -- Verify Key Attestation Request
-dsPublish -- Publish certificate or CRL to Active Directory
-ADTemplate -- Display AD templates
-Template -- Display Enrollment Policy templates
-TemplateCAs -- Display CAs for template
-CATemplates -- Display templates for CA
-SetCASites -- Manage Site Names for CAs
-enrollmentServerURL -- Display, add or delete enrollment server URLs associated with a CA
-ADCA -- Display AD CAs
-CA -- Display Enrollment Policy CAs
-Policy -- Display Enrollment Policy
-PolicyCache -- Display or delete Enrollment Policy Cache entries
-CredStore -- Display, add or delete Credential Store entries
-InstallDefaultTemplates -- Install default certificate templates
-URLCache -- Display or delete URL cache entries
-pulse -- Pulse autoenrollment events
-MachineInfo -- Display Active Directory machine object information
-DCInfo -- Display domain controller information
-EntInfo -- Display enterprise information
-TCAInfo -- Display CA information
-SCInfo -- Display smart card information
-SCRoots -- Manage smart card root certificates
-verifykeys -- Verify public/private key set
-verify -- Verify certificate, CRL or chain
-verifyCTL -- Verify AuthRoot or Disallowed Certificates CTL
-syncWithWU -- Sync with Windows Update
-generateSSTFromWU -- Generate SST from Windows Update
-sign -- Re-sign CRL or certificate
-vroot -- Create/delete web virtual roots and file shares
-vocsproot -- Create/delete web virtual roots for OCSP web proxy
-addEnrollmentServer -- Add an Enrollment Server application
-deleteEnrollmentServer -- Delete an Enrollment Server application
-addPolicyServer -- Add a Policy Server application
-deletePolicyServer -- Delete a Policy Server application
-oid -- Display ObjectId or set display name
-error -- Display error code message text
-getreg -- Display registry value
-setreg -- Set registry value
-delreg -- Delete registry value
-ImportKMS -- Import user keys and certificates into server database for key archival
-ImportCert -- Import a certificate file into the database
-GetKey -- Retrieve archived private key recovery blob, generate a recovery script,
or recover archived keys
-RecoverKey -- Recover archived private key
-MergePFX -- Merge PFX files
-ConvertEPF -- Convert PFX files to EPF file
-? -- Display this usage message
CertUtil -? -- Display a verb list (command list)
CertUtil -dump -? -- Display help text for the "dump" verb
CertUtil -v -? -- Display all help text for all verbs
CertUtil: -? command completed successfully.
For example:
certutil -dump "Server.cer" ^| findstr "NotAfter:"
And then use logmon to parse that output.