PowerShell for checking the SSL certificate validity not working?

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 5 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
ITEngineer
Posts: 216
Last visit: Thu Mar 23, 2023 5:45 pm
Has voted: 4 times

PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer »

People,

I have used the DOMAIN\Administrator account is used for the credentials to run the below powershell script to scan for Expired SSL certificate:

Code: Select all

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
    Select Subject,DnsNameList,NotAfter,NotBefore,Thumbprint,Issuer,
           @{n="SAN";e={Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch{} }},
           @{n="IsValid";e={$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) {
                            $true} Else {$false}
                            }}
}

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | Select-Object -expandProperty DnsHostName | Select-Object -expandProperty DnsHostName | Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation
$adCred = Get-Credential
Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Credential $adCred
But, then I got the error:
[Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData] Connecting to remote server Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (Microsoft.Power...FormatEntryData:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : NetworkPathNotFound,PSSessionStateBroken
How to fix it so I can get the CSV result?

Thanks in advance.
/* IT Engineer */
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra »

Take a very close look at your command. By formatting it correctly it is easy to see what you are doing wrong.

Code: Select all

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | 
    Select-Object -expandProperty DnsHostName | 
    Select-Object -expandProperty DnsHostName | 
    Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation
User avatar
ITEngineer
Posts: 216
Last visit: Thu Mar 23, 2023 5:45 pm
Has voted: 4 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer »

jvierra wrote: Wed Nov 21, 2018 5:55 am Take a very close look at your command. By formatting it correctly it is easy to see what you are doing wrong.

Code: Select all

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | 
    Select-Object -expandProperty DnsHostName | 
    Select-Object -expandProperty DnsHostName | 
    Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation
OK, I have formatted it like the below to make it more clear:

Code: Select all

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
        Select-Object Subject, 
        DnsNameList, 
        NotAfter, 
        NotBefore, 
        Thumbprint, 
        Issuer,
        @{n = "SAN"; e = {Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch {} }},
        @{n = "IsValid"; e = {$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) { $true } Else {$false} } }
}

$computers = Get-ADComputer -Filter {Enabled -eq $True -and OperatingSystem -like "*Server*"} -SearchBase "OU=Servers,OU=Site 1,DC=Domain,DC=com" | 
                Where-Object {Test-Connection $_.Name -Count 1 -Quiet} | 
                Select-Object -expandProperty DnsHostName | 
                Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

$adCred = Get-Credential
Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Credential $adCred
Somehow the error code is still:
Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:19 char:30
+ Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Cr ...
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand
/* IT Engineer */
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra »

"$computers" is not a name or an array of names. It is null. Look at the code I posted above. I noted that I reformatted it so you could read it easier but you didn't look at it.

You cannot output from both ends of a pipeline. The export eats all of the data so none gets sent back to the session.
Anywhere you place an output command in a pipeline terminates the pipeline at that point. The only exception is "Tee-Object".

Note that the error message says clearly "The argument is null or empty". It also says "At line:19 char:30". Find line 19 and count 30 characters and it will point you at the point at which the parser detected the error.

Invoke-Command -ComputerName $computers
==============================| <--- char 30.

PowerShell is really very easy if you have taken a course or tutorial or if you are an experienced programmer. Without training, PowerShell is only useful at about the level of the old CMD shell. Doing more complex things requires more training or things will go very slow and may, at times, seem impossible.

Good luck. I think you can understand this now. Just redesign the code to not output the pipeline to a file.
User avatar
ITEngineer
Posts: 216
Last visit: Thu Mar 23, 2023 5:45 pm
Has voted: 4 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer »

jvierra wrote: Wed Nov 21, 2018 3:05 pm "$computers" is not a name or an array of names. It is null. Look at the code I posted above. I noted that I reformatted it so you could read it easier but you didn't look at it.

You cannot output from both ends of a pipeline. The export eats all of the data so none gets sent back to the session.
Anywhere you place an output command in a pipeline terminates the pipeline at that point. The only exception is "Tee-Object".

Note that the error message says clearly "The argument is null or empty". It also says "At line:19 char:30". Find line 19 and count 30 characters and it will point you at the point at which the parser detected the error.

Invoke-Command -ComputerName $computers
==============================| <--- char 30.

PowerShell is really very easy if you have taken a course or tutorial or if you are an experienced programmer. Without training, PowerShell is only useful at about the level of the old CMD shell. Doing more complex things requires more training or things will go very slow and may, at times, seem impossible.

Good luck. I think you can understand this now. Just redesign the code to not output the pipeline to a file.
Hi Mr. Vierra,

yes, you are right.

I have reformatted it using Visual Studio Code plugins and it is more clear now:

Code: Select all

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
        Select-Object Subject, 
        DnsNameList, 
        NotAfter, 
        NotBefore, 
        Thumbprint, 
        Issuer,
        @{n = "SAN"; e = {Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch {} }},
        @{n = "IsValid"; e = {$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) { $true } Else {$false} } }
}

$computers = Get-ADComputer -Filter {Enabled -eq $True -and OperatingSystem -like "*Server*"} -SearchBase "OU=Servers,OU=Production Site 1,DC=Domain,DC=com" | 
                Where-Object {Test-Connection $_.Name -Count 1 -Quiet} | 
                Select-Object -expandProperty DnsHostName

$adCred = Get-Credential
Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Credential $adCred

$computers | Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

However, the result on the .CSV is:
Length
22
21
22
22
22
22
22
21
21
21
22
22
/* IT Engineer */
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra »

Please read my post carefully. You cannot output text to a Csv. Only objects can be exported.

Again. Doing the full tutorial would resolve all of these things for you. Consider that you have been asking these same exact questions for over 6 years now (since at least 1/23/2012). I know a lot of people hate training programs or tutorials but they can be fun when you know some things and want to get these things right once for all time.


I decided to get my MCSE after about 20 years of computer engineering experience. I was amazed that I not only learned new things but I learned that Microsoft is not IETF and that the rules of IETF do not explain how to best use Windows networking. I also refined my understanding of many other areas of Windows and I was a well seasoned Windows Systems programmer, program designer and project manager for years before I got my MCSE.

Six weeks of exams and a 500+ page book each week to review and relearn everything. It was an excellent experience.

I also often go back to training because what we don't use we lose. Relearning is also a chance to rethink everything. It provides stimulation to the central processor between our ears and keeps us fresh. After all. doesn't a musician always practice. Even the first chair violinist of the NY Philharmonic practices every day.
User avatar
ITEngineer
Posts: 216
Last visit: Thu Mar 23, 2023 5:45 pm
Has voted: 4 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer »

Mr. Vierra,

Yes, I will do some more research.
I'm not a programmer, but interested to know and use PowerShell for my daily System Automation.

Thanks for the tip and have a great day. :)
/* IT Engineer */
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra »

ITEngineer wrote: Wed Nov 21, 2018 4:21 pm
I'm not a programmer, but interested to know and use PowerShell for my daily System Automation.
I understand that. I know you have learned a lot but you are stalling constantly because you don't know may very basic things which you could actually learn over a couple of weekends. It just takes undistracted concentration.

At this point I would suggest the "PowerShell in Action" book and the MVA video tutorial as the best things to concentrate on. Believe me. If you take the time to do an organized and disciplined approach to both of these you will move forward by a huge leap.

Until then just keep posting your questions and I will try to answer them.

Anyway - best guess. This is what I think you are trying to do.

Code: Select all

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
        Select-Object Subject, 
        DnsNameList, 
        NotAfter, 
        NotBefore, 
        Thumbprint, 
        Issuer,
        @{n = 'SAN'; e = {Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch {} }},
        @{n = 'IsValid'; e = {$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) { $true } Else {$false} } }
}

$computers = Get-ADComputer -Filter {Enabled -eq $True -and OperatingSystem -like '*Server*'} -SearchBase 'OU=Servers,OU=Production Site 1,DC=Domain,DC=com' | 
                Where-Object {Test-Connection $_.Name -Count 1 -Quiet}   

$adCred = Get-Credential
Invoke-Command -ComputerName $computers.name -ScriptBlock $ScriptBlock -Credential $adCred |
    Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation
User avatar
ITEngineer
Posts: 216
Last visit: Thu Mar 23, 2023 5:45 pm
Has voted: 4 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by ITEngineer »

Yes, that's right, you are awesome.
it works very well.

Many thanks for the suggestion and the assistance in this matter Mr. Vierra. 8-)
/* IT Engineer */
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: PowerShell for checking the SSL certificate validity not working?

Post by jvierra »

ITEngineer wrote: Wed Nov 21, 2018 5:15 pm Yes, that's right, you are awesome.
it works very well.

Many thanks for the suggestion and the assistance in this matter Mr. Vierra. 8-)
Great.
Do your homework. It will change your scripting life dramatically.
This topic is 5 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked