Share via

VbScript to check if an IIS certificate is going to Expire

  • Article

 

The following script will check all the websites hosted on IIS Server and check their certificate expiry. It will generate a warning event in the Application event log if any certificate is expiring in 30 days.

strComputer = "localhost"
SET objService = GetObject( "IIS://" & strComputer & "/W3SVC")
Set WshShell = WScript.CreateObject("WScript.Shell")
Dim StrVar0

EnumServersites objService

SUB EnumServersites( objSrv )

FOR Each objServer IN objSrv
IF objServer.Class = "IIsWebServer" Then
IF NOT Ubound(objServer.SecureBindings) = "-1" Then

'check to see if there is at least one securebinding
'WScript.Echo "Site ID = " & objServer.Name & VbCrLf & "Comment = """ & objServer.ServerComment
'wscript.Echo "SSL Certificate Expiration Date: " & GetSSLExpirationDate(objServer.Name)
'wscript.Echo "Days Remaining: " & DaysRemaining(GetSSLExpirationDate(objServer.Name))
'wscript.echo vbcrlf & "-----------------------------" & vbcrlf

StrVar0 = ""
if DaysRemaining(GetSSLExpirationDate(objServer.Name)) < 30 Then
'wscript.echo "entered loop"
StrVar0 = StrVar0 & "Site ID : " & objServer.Name & VbCrLf & "Comment : " & objServer.ServerComment & VbCrLf & "SSL Certificate Expiration Date : " &GetSSLExpirationDate(objServer.Name) & VbCrLf & "Days Remaining : " & DaysRemaining(GetSSLExpirationDate(objServer.Name))

strCommand = "eventcreate /T Warning /ID 351 /L Application /SO CertWarning /D " & _
Chr(34) & StrVar0 & Chr(34)
WshShell.Run strcommand

END IF
END IF
END IF
strBindings = ""
Next
END Sub

FUNCTION GetSSLExpirationDate( strSiteID )
Set iiscertobj = WScript.CreateObject("IIS.CertObj")
iiscertobj.serverName = "localhost"
iiscertobj.InstanceName = "W3SVC/" & strSiteID

tmpArray = Split(iiscertobj.GetCertInfo,vbLf)
For Each x in tmpArray
If Left(x,2) = "6=" Then
GetSSLExpirationDate = Mid(x,3,len(x)-2)
End If
Next
END FUNCTION

Function DaysRemaining(strdate)
If IsDate(strDate) Then
strdate = cDate(strdate)
End If
DaysRemaining = DateDiff("d",Date,strdate)
End Function

Courtesy:

I found this script from https://www.eggheadcafe.com/software/aspnet/34211103/ssl-certificate-warning-b.aspx and further modified it to generate a warning event in the Application event log

Comments

  • Anonymous
    September 11, 2010
    The comment has been removed

  • Anonymous
    September 27, 2010
    The script will run only on machines having IIS installed Please make sure that you running this on machine installed with IIS role

  • Anonymous
    April 13, 2011
    Good script! This works well, as you can pickup the event log with a monitoring program, or even an event trigger. Good stuff.

  • Anonymous
    November 08, 2011
    A wery good script. A have been locking for this for a long time. Do you have a similar script for checking certificates on a ISA server as well?

  • Anonymous
    December 17, 2014
    The comment has been removed