PowerShell for checking the SSL certificate validity not working?

ITEngineer
Posts: 132
Joined: Wed Oct 12, 2011 10:52 am

PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer » Wed Nov 21, 2018 6:18 am

People,

I have used the DOMAIN\Administrator account for the credentials to run the PowerShell script below to scan for expired SSL certificates:

Code: Select all

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
    Select Subject,DnsNameList,NotAfter,NotBefore,Thumbprint,Issuer,
           @{n="SAN";e={Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch{} }},
           @{n="IsValid";e={$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) {
                            $true} Else {$false}
                            }}
}

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | Select-Object -expandProperty DnsHostName | Select-Object -expandProperty DnsHostName | Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation
$adCred = Get-Credential
Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Credential $adCred

But then I got the error:

[Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData] Connecting to remote server Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (Microsoft.Power...FormatEntryData:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : NetworkPathNotFound,PSSessionStateBroken

How do I fix it so I can get the CSV result?

Thanks in advance.
/* IT Engineer */

jvierra
Posts: 13175
Joined: Tue May 22, 2007 9:57 am
Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra » Wed Nov 21, 2018 6:55 am

Take a very close look at your command. By formatting it correctly it is easy to see what you are doing wrong.

Code: Select all

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | 
    Select-Object -expandProperty DnsHostName | 
    Select-Object -expandProperty DnsHostName | 
    Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

Re: PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer » Wed Nov 21, 2018 3:16 pm

jvierra wrote:
Wed Nov 21, 2018 6:55 am
Take a very close look at your command. By formatting it correctly it is easy to see what you are doing wrong.

Code: Select all

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | 
    Select-Object -expandProperty DnsHostName | 
    Select-Object -expandProperty DnsHostName | 
    Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

OK, I have formatted it like the below to make it clearer:

Code: Select all

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
        Select-Object Subject, 
        DnsNameList, 
        NotAfter, 
        NotBefore, 
        Thumbprint, 
        Issuer,
        @{n = "SAN"; e = {Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch {} }},
        @{n = "IsValid"; e = {$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) { $true } Else {$false} } }
}

$computers = Get-ADComputer -Filter {Enabled -eq $True -and OperatingSystem -like "*Server*"} -SearchBase "OU=Servers,OU=Site 1,DC=Domain,DC=com" | 
                Where-Object {Test-Connection $_.Name -Count 1 -Quiet} | 
                Select-Object -expandProperty DnsHostName | 
                Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

$adCred = Get-Credential
Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Credential $adCred

Somehow the error code is still:
Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:19 char:30
+ Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Cr ...
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand
/* IT Engineer */

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra » Wed Nov 21, 2018 4:05 pm

"$computers" is not a name or an array of names. It is null. Look at the code I posted above. I noted that I reformatted it so you could read it easier but you didn't look at it.

You cannot output from both ends of a pipeline. The export eats all of the data so none gets sent back to the session.
Anywhere you place an output command in a pipeline terminates the pipeline at that point. The only exception is "Tee-Object".

Note that the error message says clearly "The argument is null or empty". It also says "At line:19 char:30". Find line 19 and count 30 characters and it will point you at the point at which the parser detected the error.

Invoke-Command -ComputerName $computers
==============================| <--- char 30.

PowerShell is really very easy if you have taken a course or tutorial or if you are an experienced programmer. Without training, PowerShell is only useful at about the level of the old CMD shell. Doing more complex things requires more training or things will go very slow and may, at times, seem impossible.

Good luck. I think you can understand this now. Just redesign the code to not output the pipeline to a file.

Re: PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer » Wed Nov 21, 2018 4:23 pm

jvierra wrote:
Wed Nov 21, 2018 4:05 pm
"$computers" is not a name or an array of names. It is null. Look at the code I posted above. I noted that I reformatted it so you could read it easier but you didn't look at it.

You cannot output from both ends of a pipeline. The export eats all of the data so none gets sent back to the session.
Anywhere you place an output command in a pipeline terminates the pipeline at that point. The only exception is "Tee-Object".

Note that the error message says clearly "The argument is null or empty". It also says "At line:19 char:30". Find line 19 and count 30 characters and it will point you at the point at which the parser detected the error.

Invoke-Command -ComputerName $computers
==============================| <--- char 30.

PowerShell is really very easy if you have taken a course or tutorial or if you are an experienced programmer. Without training, PowerShell is only useful at about the level of the old CMD shell. Doing more complex things requires more training or things will go very slow and may, at times, seem impossible.

Good luck. I think you can understand this now. Just redesign the code to not output the pipeline to a file.

Hi Mr. Vierra,

Yes, you are right.

I have reformatted it using Visual Studio Code plugins and it is clearer now:

Code: Select all

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
        Select-Object Subject, 
        DnsNameList, 
        NotAfter, 
        NotBefore, 
        Thumbprint, 
        Issuer,
        @{n = "SAN"; e = {Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch {} }},
        @{n = "IsValid"; e = {$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) { $true } Else {$false} } }
}

$computers = Get-ADComputer -Filter {Enabled -eq $True -and OperatingSystem -like "*Server*"} -SearchBase "OU=Servers,OU=Production Site 1,DC=Domain,DC=com" | 
                Where-Object {Test-Connection $_.Name -Count 1 -Quiet} | 
                Select-Object -expandProperty DnsHostName

$adCred = Get-Credential
Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Credential $adCred

$computers | Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

However, the result on the .CSV is:
Length
22
21
22
22
22
22
22
21
21
21
22
22
/* IT Engineer */

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra » Wed Nov 21, 2018 4:39 pm

Please read my post carefully. You cannot output text to a Csv. Only objects can be exported.

Again. Doing the full tutorial would resolve all of these things for you. Consider that you have been asking these same exact questions for over 6 years now (since at least 1/23/2012). I know a lot of people hate training programs or tutorials but they can be fun when you know some things and want to get these things right once for all time.


I decided to get my MCSE after about 20 years of computer engineering experience. I was amazed that I not only learned new things but I learned that Microsoft is not IETF and that the rules of IETF do not explain how to best use Windows networking. I also refined my understanding of many other areas of Windows and I was a well seasoned Windows Systems programmer, program designer and project manager for years before I got my MCSE.

Six weeks of exams and a 500+ page book each week to review and relearn everything. It was an excellent experience.

I also often go back to training because what we don't use we lose. Relearning is also a chance to rethink everything. It provides stimulation to the central processor between our ears and keeps us fresh. After all, doesn't a musician always practice? Even the first chair violinist of the NY Philharmonic practices every day.
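
The two failures discussed in the thread up to this point, reproduced offline as an added example (not code from either poster): a pipeline that ends in Export-Csv leaves nothing to assign to a variable, and exporting plain strings produces only a Length column. The host names and the temp-file path are constructed for illustration.

```powershell
# Constructed stand-in for the Get-ADComputer output; host names are hypothetical.
$servers = @(
    [pscustomobject]@{ Name = 'SRV01'; DnsHostName = 'srv01.domain.example' }
    [pscustomobject]@{ Name = 'SRV02'; DnsHostName = 'srv02.domain.example' }
)
$csv = Join-Path ([System.IO.Path]::GetTempPath()) 'pipeline-demo.csv'

# Case 1: Export-Csv consumes its input and emits nothing, so the variable stays $null.
# This is why Invoke-Command later rejected -ComputerName as "null or empty".
$computers = $servers |
    Select-Object -ExpandProperty DnsHostName |
    Export-Csv -Path $csv -NoTypeInformation
'Case 1: $computers is null -> {0}' -f ($null -eq $computers)

# Case 2: -ExpandProperty yields [string] values. A string's only property is
# Length, so a CSV built from strings holds one Length column and no names.
$names = $servers | Select-Object -ExpandProperty DnsHostName
$names | Export-Csv -Path $csv -NoTypeInformation
'Case 2: CSV header -> {0}' -f (Get-Content -Path $csv -TotalCount 1)

# Case 3: keep the names in the variable, build one object per result, and put
# Export-Csv only at the very end of the pipeline that produces the report.
$report = foreach ($name in $names) {
    # Placeholder for the remote call; a real run would return certificate objects.
    [pscustomobject]@{ ComputerName = $name; CheckedAt = Get-Date }
}
$report | Export-Csv -Path $csv -NoTypeInformation
'Case 3: CSV header -> {0}' -f (Get-Content -Path $csv -TotalCount 1)

# Tee-Object is the pass-through exception: it saves a copy and still emits the data.
$kept = $servers | Select-Object -ExpandProperty DnsHostName | Tee-Object -Variable seen
'Tee-Object: {0} emitted, {1} saved' -f @($kept).Count, @($seen).Count

Remove-Item -Path $csv
```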

Re: PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer » Wed Nov 21, 2018 5:21 pm

Mr. Vierra,

Yes, I will do some more research.
I'm not a programmer, but I'm interested to know and use PowerShell for my daily System Automation.

Thanks for the tip and have a great day. :)
/* IT Engineer */

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra » Wed Nov 21, 2018 5:51 pm

ITEngineer wrote:
Wed Nov 21, 2018 5:21 pm

I'm not a programmer, but interested to know and use PowerShell for my daily System Automation.

I understand that. I know you have learned a lot but you are stalling constantly because you don't know many very basic things which you could actually learn over a couple of weekends. It just takes undistracted concentration.

At this point I would suggest the "PowerShell in Action" book and the MVA video tutorial as the best things to concentrate on. Believe me. If you take the time to do an organized and disciplined approach to both of these you will move forward by a huge leap.

Until then just keep posting your questions and I will try to answer them.

Anyway - best guess. This is what I think you are trying to do.

Code: Select all

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
        Select-Object Subject, 
        DnsNameList, 
        NotAfter, 
        NotBefore, 
        Thumbprint, 
        Issuer,
        @{n = 'SAN'; e = {Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch {} }},
        @{n = 'IsValid'; e = {$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) { $true } Else {$false} } }
}

$computers = Get-ADComputer -Filter {Enabled -eq $True -and OperatingSystem -like '*Server*'} -SearchBase 'OU=Servers,OU=Production Site 1,DC=Domain,DC=com' | 
                Where-Object {Test-Connection $_.Name -Count 1 -Quiet}   

$adCred = Get-Credential
Invoke-Command -ComputerName $computers.name -ScriptBlock $ScriptBlock -Credential $adCred |
    Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation
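
An added example (not jvierra's code) that extends the date test behind the IsValid column into a status with days remaining, so a report can flag certificates before they expire as well as after. The function name Get-CertificateStatus, the 30-day warning window, the fixed reference date and the sample certificates are assumptions constructed for illustration.

```powershell
function Get-CertificateStatus {
    param(
        # Any object with Subject, Thumbprint, NotBefore and NotAfter properties,
        # for example an X509Certificate2 from the Cert: drive.
        [Parameter(Mandatory, ValueFromPipeline)] $Certificate,
        [datetime] $Now = (Get-Date),   # evaluated once, not once per certificate
        [int] $WarnDays = 30            # assumed warning window, not from the thread
    )
    process {
        # Same boundaries as the thread's IsValid test: valid only when
        # NotBefore is earlier than now and NotAfter is later than now.
        $status = if     ($Certificate.NotBefore -ge $Now)                   { 'NotYetValid' }
                  elseif ($Certificate.NotAfter  -le $Now)                   { 'Expired' }
                  elseif ($Certificate.NotAfter  -le $Now.AddDays($WarnDays)) { 'ExpiringSoon' }
                  else                                                        { 'Valid' }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            NotBefore  = $Certificate.NotBefore
            NotAfter   = $Certificate.NotAfter
            DaysLeft   = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
            Status     = $status
        }
    }
}

# Constructed sample certificates (subjects and thumbprints are placeholders).
$now = [datetime]'2018-11-21T12:00:00'
$sample = @(
    [pscustomobject]@{ Subject = 'CN=old.domain.example';    Thumbprint = 'CONSTRUCTED-01'
                       NotBefore = $now.AddYears(-2); NotAfter = $now.AddDays(-5) }
    [pscustomobject]@{ Subject = 'CN=soon.domain.example';   Thumbprint = 'CONSTRUCTED-02'
                       NotBefore = $now.AddYears(-1); NotAfter = $now.AddDays(12) }
    [pscustomobject]@{ Subject = 'CN=good.domain.example';   Thumbprint = 'CONSTRUCTED-03'
                       NotBefore = $now.AddDays(-30); NotAfter = $now.AddYears(1) }
    [pscustomobject]@{ Subject = 'CN=future.domain.example'; Thumbprint = 'CONSTRUCTED-04'
                       NotBefore = $now.AddDays(3);   NotAfter = $now.AddYears(1) }
)

# Objects in, objects out: the result can go straight to Export-Csv.
$sample | Get-CertificateStatus -Now $now |
    Sort-Object DaysLeft |
    Format-Table Subject, DaysLeft, Status -AutoSize
```

To use the function with Invoke-Command, its definition has to sit inside the script block, because a remote session does not see functions defined in the local session.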

Re: PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer » Wed Nov 21, 2018 6:15 pm

Yes, that's right, you are awesome.
It works very well.

Many thanks for the suggestion and the assistance in this matter Mr. Vierra. 8-)
/* IT Engineer */

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra » Wed Nov 21, 2018 6:21 pm

ITEngineer wrote:
Wed Nov 21, 2018 6:15 pm
Yes, that's right, you are awesome.
it works very well.

Many thanks for the suggestion and the assistance in this matter Mr. Vierra. 8-)

Great.
Do your homework. It will change your scripting life dramatically.
