Achraf Ben Alaya
No Result
View All Result
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
    • General Tips & Fix
  • AI
  • Cloud
  • Motivation
  • Courses
  • About
    • Resume
    • Privacy Policy
SUBSCRIBE
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
    • General Tips & Fix
  • AI
  • Cloud
  • Motivation
  • Courses
  • About
    • Resume
    • Privacy Policy
No Result
View All Result
Achraf Ben Alaya
No Result
View All Result
ADVERTISEMENT
Home Blog Cloud Azure

Generating report for SSL Certificates for Websites with PowerShell

achraf by achraf
April 10, 2022
in Azure, Blog, Cloud, Tricks, Tips and Fixes
3 min read
0
Generating report for SSL Certificates for Websites with PowerShell
0
SHARES
1.1k
VIEWS
Share on FacebookShare on Twitter

One of the most common problems that our teams deal with is ensuring that SSL certificates are up-to update and working correctly for more than 350 websites.

Dealing with a lot of work, production and incidents will not allow us to analyze each website and verify it, and we must make sure all websites are up/secure and running and we do not want to have an accident caused by an expired certificate.

More than that, we have some websites under a private azure application gateway and others using public application gateways, we also have some websites Secured by WAF (Web Application Firewall) so we wanted to identify and organize that in an excel file that will contain all the info’s and we can share that with all the team members.

By that, we can have  a full view of all our websites, and we can prevent such accidents by having tasks that run daily and testing all the SSL endpoints that we have, and sending a report about The certification expiration info,
under Application Gateway or not (private or public), secured WAF or not … this info will not only help us to verify the SSL end day but also understand what we have in our environment, and if we have a problem we go directly there.

For that, I ended up writing this PowerShell script that will generate a csv file and we will test it on my website

param(
  [Parameter(Mandatory = $False, Position = 0, ValueFromPipeline = $false)]
  [System.Int32]
  $minimumCertAgeDays = 30
)

#get the list of links to scan
$NameList = get-content C:\ssl\SSLDEMO\urls.txt 
$Results = @()

#SSL variables
#$minimumCertAgeDays = 60
$timeoutMilliseconds = 15000
#disabling the cert validation check. This is what makes this whole thing work with invalid certs...
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }


foreach ($Name in $NameList) {
  $OutputObject = "" | Select-Object Type, OriginUrl, Name,Hostnames,Gateway, IPAddress, Status, SSLStartDAY, SSLENDDAY, SSENDINDAYS, StatusSSLMinAge, ErrorMessage 
  try {        
 
    $domain = ([System.URI]$Name).host.Trim()
    $dnsRecord = Resolve-DnsName $domain            
    $OutputObject.Name = $($dnsRecord.Name -join ',')
    $OutputObject.OriginUrl = $Name
    $OutputObject.Type = $($dnsRecord.Type -join ',')
    $OutputObject.IPAddress = ($dnsRecord.IPAddress -join ',')
    switch ($dnsRecord.IPAddress)
                        {                            
                            $ipGatewayOne
                            {
                               $OutputObject.Gateway = 'Gateway1'
                            }
                           
                            #Default state
                            Default
                            {
                                 $OutputObject.Gateway = ''
                            }
                        }     
    $OutputObject.Status = 'OK'     
    $OutputObject.ErrorMessage = ''    
    $OutputObject.Hostnames=($dnsRecord.NameHost -join ',')     
    #SSL STUFF
    Write-Host Checking $Name -f Green
    $req = [Net.HttpWebRequest]::Create($Name)
    $req.Timeout = $timeoutMilliseconds
    $req.AllowAutoRedirect = $true
    try {
      $req.GetResponse() | Out-Null
    } 
    catch {
             
      Write-Host Exception while checking URL $Name`: $_ -f Red
    }

    $certExpiresOnString = $req.ServicePoint.Certificate.GetExpirationDateString()
    #Write-Host "Certificate expires on (string): $certExpiresOnString"
    [datetime]$expiration = [System.DateTime]::Parse($req.ServicePoint.Certificate.GetExpirationDateString())
    #Write-Host "Certificate expires on (datetime): $expiration"
    [int]$certExpiresIn = ($expiration - $(get-date)).Days
    $certName = $req.ServicePoint.Certificate.GetName()
    $certPublicKeyString = $req.ServicePoint.Certificate.GetPublicKeyString()
    $certSerialNumber = $req.ServicePoint.Certificate.GetSerialNumberString()
    $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString()
    $certEffectiveDate = $req.ServicePoint.Certificate.GetEffectiveDateString()
    $certIssuer = $req.ServicePoint.Certificate.GetIssuerName()
    $OutputObject.SSLStartDAY = $certEffectiveDate 
    $OutputObject.SSLENDDAY = $expiration
    $OutputObject.SSENDINDAYS = $certExpiresIn 

    if ($certExpiresIn -gt $minimumCertAgeDays)
    {   
      Write-Host Cert for site $Name expires in $certExpiresIn days [on $expiration] -f Green  
      $OutputObject.StatusSSLMinAge = 'ok'    

    }
    else {
      
      Write-Host WARNING: Cert for site $Name expires in $certExpiresIn days [on $expiration] -f Red
      $OutputObject.StatusSSLMinAge = 'ko'    

    }


    #END SSL STUFF

  }  

  catch {      
    $OutputObject.Name = $Name       
    $OutputObject.IPAddress = ''       
    $OutputObject.Status = 'NOT_OK'     
    $OutputObject.ErrorMessage = $_.Exception.Message  
  }   

    $Results += $OutputObject
                
}
              
return $Results | Export-Csv C:\ssl\SSLDEMO\sslresultsnew.csv -NoTypeInformation

Results in Powershell :

Now I have tested this code with more than 400 URLs together.

All you have to do is to point to a text file that contains the URLs starting with: https://
Also, in the application gateway, we can manage the renewal of SSL certificate, and I will share a post about this asap.
I hope you enjoy this article

ShareTweet
Previous Post

Win a free certifications at the Microsoft spring skills challenge 🎁

Next Post

Resume Achraf ben Alaya French/English

Related Posts

AI

Model Context Protocol (MCP): The Future of AI Integration

April 21, 2025
106
Azure

Step-by-Step Guide: Azure Front Door + Storage Account Static Website + Custom Domain with Terraform

March 11, 2025
227
Network Security & Route Tables – Checking NSGs, route tables, and service endpoints for a targeted VNET or Subnet
Azure

Network Security & Route Tables – Checking NSGs, route tables, and service endpoints for a targeted VNET or Subnet

February 3, 2025
135
Understanding Generative AI and RAG Benefits
AI

Understanding Generative AI and RAG Benefits

January 12, 2025
96
Azure Communication Services Email Sending Simplified: From Setup to Execution and Monitoring
Azure

Azure Communication Services Email Sending Simplified: From Setup to Execution and Monitoring

December 8, 2024
1.5k
PowerShell Automation for Azure Networks: Detailed VNET and Subnet Analysis
Azure

PowerShell Automation for Azure Networks: Detailed VNET and Subnet Analysis

November 2, 2024
500
Next Post
Win free certifications at the Microsoft Build Cloud Skills Challenge | May 2022 🎁

Win free certifications at the Microsoft Build Cloud Skills Challenge | May 2022 🎁

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Terraform

Certifications

Microsoft certified trainer (MCT)

Recommended

Azure Function to Upload Data to Azure Blob

Azure Function to Upload Data to Azure Blob

August 29, 2020
3.4k
How to SSH into AKS Nodes

How to SSH into AKS Nodes

May 11, 2021
7.5k
Boxing and Unboxing in C#

Boxing and Unboxing in C#

August 29, 2020
1.1k
Block the default URL assigned to the azure web app using azure application gateway

Block the default URL assigned to the azure web app using azure application gateway

May 31, 2023
576
Microsoft Teams

What’s new in Microsoft Teams

September 4, 2020
304
Migrate and modernize your applications on Azure

Migrate and modernize your applications on Azure – Part –1 (Create and publish Web App)

April 3, 2021
363
Facebook Twitter LinkedIn Youtube

Model Context Protocol (MCP): The Future of AI Integration

April 21, 2025

Step-by-Step Guide: Azure Front Door + Storage Account Static Website + Custom Domain with Terraform

March 11, 2025
Network Security & Route Tables – Checking NSGs, route tables, and service endpoints for a targeted VNET or Subnet

Network Security & Route Tables – Checking NSGs, route tables, and service endpoints for a targeted VNET or Subnet

February 3, 2025

Categories

  • AI (2)
  • Apps (1)
  • Azure (63)
  • blazor (2)
  • Blog (91)
  • c# (7)
  • Cloud (65)
  • Courses (3)
  • Dapr (4)
  • docker (4)
  • Games (1)
  • General Tips & Fix (1)
  • Home (1)
  • Kubernetes Service (AKS) (1)
  • motivation (2)
  • Motivation (3)
  • News (9)
  • Resume (1)
  • sql (4)
  • Terrafrom (1)
  • Tricks, Tips and Fixes (4)
  • xamarin (5)
No Result
View All Result
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
    • General Tips & Fix
  • AI
  • Cloud
  • Motivation
  • Courses
  • About
    • Resume
    • Privacy Policy

ADVERTISEMENT