A recent mail thread was asking about querying for cert about to expire and notifying the users of this.
You could do it a few ways.. Run some kind of svc\logon script etc.. on the clients - which tracked the stores and cert data. Query the CA DB directly for certs about to expire.
I thought it’d be easiest to get the information directly from the CA. You can use the ICertView2 interface ---- specifically, EnumCertViewColumn.
You can obtain the DB schema info via “certutil –view” then play with the GetColumnIndex call below…
I ended up with something like this - - its not quite finished as you can see, error checks and mail function - but thats easy enough. The less documented part is already done and you can build off of that.
Const CV_OUT_BASE64 = &H1
'THIS IS THE <Machinename>\CANameCAName = "MyMachine\SpatCA" '=======>> CHANGE THIS TO THE CORRECT MACHINE\CA==
'create the CAView objectset oCAView = CreateObject("CertificateAuthority.View.1")
'open the connection to the Machine\CAoCAView.OpenConnection (CAName)
'retrieve specific columns from DBoCAView.SetResultColumnCount(3) Index0 = oCAView.GetColumnIndex(False, "CommonName") Index1 = oCAView.GetColumnIndex(False, "Email")
Index2 = oCAView.GetColumnIndex(False, "NotAfter")
oCAView.SetResultColumn (Index0) oCAView.SetResultColumn (Index1)
'open the view
Set RowObj= oCAView.OpenView
Do Until RowObj.Next = -1
Set ColObj = RowObj.EnumCertViewColumn()
Do Until ColObj.Next = -1
wscript.echo ColObj.GetValue(CV_OUT_BASE64) & vbcrlf 'insert logic for checking date to
'current and if near\past send mail.
'for a number of examples of mail send info
'Obviously you may want to use the cert email
'attribute to send the mail
Set ColObj = Nothing
How would you connect to the MS 2003 Cert server in PowerShell?
Not being a PS guy-- I am not sure of that one. Can you IcertView from C#? If so cant PS call it as well?
This may be a start:
Thanks for this great script !
Would you have something that runs client side, independent of any connection to a CA? Or can you point me? Thank you.