Created
July 8, 2020 07:58
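<#
.SYNOPSIS
Fetches the TLS certificate a host presents and prints its subject, issuer,
validity window and SHA-1 thumbprint, followed by expiry and trust warnings.

.PARAMETER ComputerName
Host to connect to. It is also passed to the TLS handshake as the target host.

.PARAMETER Port
TCP port to connect to. Defaults to 443.
#>
param (
    [Parameter(Mandatory=$true)][string]$ComputerName,
    [int]$Port = 443
)

Write-Host "Checking certificate for: " -ForegroundColor DarkYellow -NoNewline
Write-Host "$($ComputerName):$($Port)" -ForegroundColor Yellow

$Certificate = $null
# Policy errors the TLS stack reports during the handshake (name mismatch, chain errors, ...).
$script:PolicyErrors = [System.Net.Security.SslPolicyErrors]::None
$TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient
try {
    $TcpClient.Connect($ComputerName, $Port)
    $TcpStream = $TcpClient.GetStream()
    # The callback accepts every certificate on purpose, so that expired or untrusted
    # certificates can still be inspected. The connection is therefore unauthenticated:
    # it is used only to read the certificate and must not carry application data.
    $Callback = {
        param($sender, $cert, $chain, $errors)
        $script:PolicyErrors = $errors
        return $true
    }
    $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList @($TcpStream, $true, $Callback)
    try {
        $SslStream.AuthenticateAsClient($ComputerName)
        $Certificate = $SslStream.RemoteCertificate
    } catch {
        Write-Host "SSL handshake failed!" -ForegroundColor Red
        # Show the reason instead of swallowing it (protocol mismatch, reset, ...).
        Write-Host "  $($_.Exception.Message)" -ForegroundColor DarkGray
    } finally {
        $SslStream.Dispose()
    }
} catch {
    Write-Host "Connection to host failed!" -ForegroundColor Red
    Write-Host "  $($_.Exception.Message)" -ForegroundColor DarkGray
} finally {
    $TcpClient.Dispose()
}

if ($Certificate) {
    if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
        $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
    }

    $esc = [char]0x001b

    # Verify() validates the chain with the basic policy against the local trust stores.
    # It does NOT check that the certificate was issued for $ComputerName; that check
    # comes from the policy errors recorded during the handshake.
    $certVerified = $Certificate.Verify()
    $nameMismatch = ([int]$script:PolicyErrors -band [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch) -ne 0

    # ANSI colour for the DN values: green (32) when the chain verified, red (31) otherwise.
    $issuerColor = "32"
    if (-not $certVerified) {
        $issuerColor = "31"
    }

    # Grey out the attribute keys ("CN=", "O=", ...) and the separating commas.
    $subject = $Certificate.Subject -replace "([a-z]{1,2}=|,)", (-join("$esc[90m",'$1',"$esc[$($issuerColor)m"))
    Write-Host "├ Subject: " -ForegroundColor Blue -NoNewline
    Write-Host $subject

    $issuer = $Certificate.Issuer -replace "([a-z]{1,2}=|,)", (-join("$esc[90m",'$1',"$esc[$($issuerColor)m"))
    Write-Host "├ Issuer: " -ForegroundColor Blue -NoNewline
    Write-Host $issuer

    # New-TimeSpan -End X yields (X - now): negative once NotBefore has passed.
    $fromDiff = New-TimeSpan -End $Certificate.NotBefore
    $notYetValid = $fromDiff.TotalDays -ge 0
    $fromColor = "Red"
    if ($certVerified -and -not $notYetValid) {
        $fromColor = "Green"
    }
    Write-Host "├ Valid from: " -ForegroundColor Blue -NoNewline
    # Grey out the UTC offset; accept negative offsets as well as positive ones.
    $dateFrom = $Certificate.NotBefore.toString("dd.MM.yyyy HH:mm K") -replace "([+-][0-9]{2}:[0-9]{2})", (-join("$esc[90m",'$1',"$esc[0m"))
    Write-Host $dateFrom -ForegroundColor $fromColor

    $untilDiff = New-TimeSpan -End $Certificate.NotAfter
    #$untilDiff = New-TimeSpan -Days -1   # uncomment to test the "expired" output
    $daysLeft = $untilDiff.TotalDays
    $untilColor = "Red"
    if ($certVerified) {
        if ($daysLeft -gt 30) {
            $untilColor = "Green"
        } elseif ($daysLeft -gt 14) {
            $untilColor = "Yellow"
        } elseif ($daysLeft -gt 0) {
            $untilColor = "DarkMagenta"
        }
    }
    Write-Host "├ Valid until: " -ForegroundColor Blue -NoNewline
    $dateUntil = $Certificate.NotAfter.toString("dd.MM.yyyy HH:mm K") -replace "([+-][0-9]{2}:[0-9]{2})", (-join("$esc[90m",'$1',"$esc[0m"))
    Write-Host $dateUntil -ForegroundColor $untilColor

    # Insert a grey ':' before every byte, then drop the leading "ESC[90m:" (6 characters).
    $thumb = ($Certificate.Thumbprint -replace "([A-F0-9]{2})", (-join("$esc[90m:$esc[36m",'$1',"$esc[0m"))).Substring(6)
    Write-Host "└ SHA1 Thumb: " -ForegroundColor Blue -NoNewline
    Write-Host $thumb -ForegroundColor DarkCyan

    # The date warnings are driven by the dates themselves, not by the display colours:
    # the colours are also red when chain verification fails, which would otherwise
    # report a trust failure as "not yet valid" and "no longer valid".
    if ($notYetValid) {
        Write-Host "x Certificate is not yet valid!" -ForegroundColor Red
    }
    if ($daysLeft -le 0) {
        Write-Host "x Certificate is no longer valid!`nRenewal is required immediately!" -ForegroundColor Red
    } elseif ($daysLeft -le 14) {
        Write-Host "o Certificate is going to expire in less than 14 days.`nIt should be renewed as soon as possible." -ForegroundColor DarkMagenta
    } elseif ($daysLeft -le 30) {
        Write-Host "o Certificate is going to expire in less than 30 days." -ForegroundColor Yellow
    }

    if (-not $certVerified) {
        Write-Host "x Certificate could not be verified!" -ForegroundColor Red
    } elseif ($nameMismatch) {
        # A trusted chain is not enough: the certificate must also be issued for this host.
        Write-Host "x Certificate chain verified, but it does not match host name $($ComputerName)!" -ForegroundColor Red
    } else {
        Write-Host "o Certificate verified." -ForegroundColor Green
    }
    Write-Host ""
} else {
    Write-Host "No ssl certificate was found for " -ForegroundColor Red -NoNewline
    Write-Host "$($ComputerName):$($Port)" -ForegroundColor Yellow
}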