How to get website SSL certificate validity dates with PowerShell?

SSL certificates are a very crucial part of the website. They play a key role in securing the exchange of information on both client and server sides by activating an HTTPS secure connection. In the below article with the PowerShell, we will get the certificate validity date (starting and expiry date) for the certificate using PowerShell.

To achieve this, we need to make httpwebrequest but before that, we will ignore SSL warning by the below command.

[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

And then we wil make the HTTP web request by calling a .Net class.

$url = "https://www.microsoft.com/" $req = [Net.HttpWebRequest]::Create($url)

When we check the $req there are few properties displayed but as we are interested in the certificate date we will use the specific property ServicePoint to retrieve the related information.

$req.ServicePoint

The output of the above command.

PS C:\WINDOWS\system32> $req.ServicePoint BindIPEndPointDelegate : ConnectionLeaseTimeout : -1 Address : https://www.microsoft.com/ MaxIdleTime : 100000 UseNagleAlgorithm : True ReceiveBufferSize : -1 Expect100Continue : True IdleSince : 23-06-2020 07:02:36 ProtocolVersion : 1.1 ConnectionName : https ConnectionLimit : 2 CurrentConnections : 0 Certificate : ClientCertificate : SupportsPipelining : True

As you can see in the above property that certificate field is null so to retrieve the information, we need to use GetResponse() method.

$req.GetResponse()

The output of the above command.

IsMutuallyAuthenticated : False Cookies : {} Headers : {Pragma, X-Activity-Id, MS-CV, X-AppVersion...} SupportsHeaders : True ContentLength : -1 ContentEncoding : ContentType : text/html; charset=utf-8 CharacterSet : utf-8 Server : LastModified : 23-06-2020 07:06:44 StatusCode : OK StatusDescription : OK ProtocolVersion : 1.1 ResponseUri : https://www.microsoft.com/en-in/ Method : GET IsFromCache : False

Now, we will run the previous command and check if we can retrieve the certificate information.

PS C:\WINDOWS\system32> $req.ServicePoint BindIPEndPointDelegate : ConnectionLeaseTimeout : -1 Address : https://www.microsoft.com/en-in/ MaxIdleTime : 100000 UseNagleAlgorithm : True ReceiveBufferSize : -1 Expect100Continue : True IdleSince : 23-06-2020 07:06:44 ProtocolVersion : 1.1 ConnectionName : https ConnectionLimit : 2 CurrentConnections : 1 Certificate : System.Security.Cryptography.X509Certificates.X509Cer tificate ClientCertificate : SupportsPipelining : True

Yes, we could retrieve the certificate information. You can use try/catch block in case the GetResponse() command throws an exception and that I will be using it in the final script. But for this moment, we are interested in retrieving certificate dates.

$req.ServicePoint.Certificate

You will see the output as shown below.

In the above output still, the dates are missing, so we will check if there are any properties or methods to retrieve dates. We will check the properties and methods available for the Date.

$req.ServicePoint.Certificate | gm | where{$_.Name -like "*Date*"} TypeName: System.Security.Cryptography.X509Certificates.X509Certificate  Name                       MemberType Definition ----                        ---------- ---------- GetEffectiveDateString      Method  string GetEffectiveDateString() GetExpirationDateString     Method string GetExpirationDateString()

Here we have both the methods to get the Expiration and Effective start date.

Start Date −

PS C:\WINDOWS\system32> $req.ServicePoint.Certificate.GetEffectiveDateString() 24-06-2019 06:25:35

End Date −

PS C:\WINDOWS\system32> $req.ServicePoint.Certificate.GetExpirationDateString() 22-10-2021 03:34:04

The entire script is mentioned as below.

[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } $url = "https://www.microsoft.com/" $req = [Net.HttpWebRequest]::Create($url) $req.GetResponse() | Out-Null $output = [PSCustomObject]@{    URL = $url    'Cert Start Date' = $req.ServicePoint.Certificate.GetEffectiveDateString()    'Cert End Date' = $req.ServicePoint.Certificate.GetExpirationDateString() } $output URL                         Cert Start Date             Cert End Date  ---                        ---------------             ------------- https://www.microsoft.com/  26-06-2019 09:10:38      22-10-2021 03:34:04