
@PakL
Created July 8, 2020 07:58
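<#
.SYNOPSIS
Connects to a host, retrieves the TLS certificate it presents and prints
subject, issuer, validity window, thumbprint and a verification summary.

.DESCRIPTION
The handshake callback accepts every certificate on purpose so that expired,
self-signed or mismatched certificates can still be inspected. The stream is
disposed right after the handshake and must never be used to exchange data.
Trust is judged afterwards from three independent signals: chain validation
(X509Certificate2.Verify), the host-name check reported by the TLS stack, and
the NotBefore/NotAfter dates.

.PARAMETER ComputerName
Host to connect to; also the name the certificate is checked against.

.PARAMETER Port
TCP port of the TLS service (default 443).
#>
param (
    [Parameter(Mandatory=$true)][string]$ComputerName,
    [int]$Port = 443
)

Write-Host "Checking certificate for: " -Foreground DarkYellow -NoNewline
Write-Host "$($ComputerName):$($Port)" -Foreground Yellow

$Certificate = $null
# Policy errors reported by the TLS stack during the handshake (name mismatch,
# chain errors, ...). Filled in by the validation callback below.
$script:PolicyErrors = [System.Net.Security.SslPolicyErrors]::None

$TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient
try {
    $TcpClient.Connect($ComputerName, $Port)
    $TcpStream = $TcpClient.GetStream()

    # Accept-all callback: required to read certificates that would otherwise
    # abort the handshake. It records the policy errors instead of discarding
    # them so that a host-name mismatch can be reported later.
    $Callback = {
        param($origin, $cert, $chain, $errors)
        $script:PolicyErrors = $errors
        return $true
    }
    $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList @($TcpStream, $true, $Callback)
    try {
        $SslStream.AuthenticateAsClient($ComputerName)
        $Certificate = $SslStream.RemoteCertificate
    } catch {
        Write-Host "SSL handshake failed!" -Foreground Red
        # Show the reason (protocol mismatch, reset, ...) instead of hiding it.
        Write-Host $_.Exception.Message -Foreground DarkGray
    } finally {
        $SslStream.Dispose()
    }
} catch {
    Write-Host "Connection to host failed!" -Foreground Red
    Write-Host $_.Exception.Message -Foreground DarkGray
} finally {
    $TcpClient.Dispose()
}

if ($Certificate) {
    if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
        $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
    }

    $esc = [char]0x001b

    # Verify() validates the chain with the basic policy only; it does not
    # compare the certificate with $ComputerName. The name check comes from
    # the policy errors captured during the handshake.
    $certVerified = $Certificate.Verify()
    $nameMismatch = ([int]$script:PolicyErrors -band [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch) -ne 0

    $issuerColor = "32"
    if (-not $certVerified) {
        $issuerColor = "31"
    }

    # Subject and issuer are chosen by whoever runs the remote service. Strip
    # control characters before printing so the certificate cannot inject its
    # own terminal escape sequences into the output.
    $labelPattern     = "([a-z]{1,2}=|,)"
    $labelReplacement = -join("$esc[90m", '$1', "$esc[$($issuerColor)m")
    $subject = ($Certificate.Subject -replace '\p{Cc}', '') -replace $labelPattern, $labelReplacement
    $issuer  = ($Certificate.Issuer  -replace '\p{Cc}', '') -replace $labelPattern, $labelReplacement

    Write-Host "├ Subject: " -Foreground Blue -NoNewline
    Write-Host $subject
    Write-Host "├ Issuer: " -Foreground Blue -NoNewline
    Write-Host $issuer

    # Date checks are evaluated independently of chain verification, so an
    # untrusted chain is not misreported as "not yet valid" or "expired".
    # New-TimeSpan -End measures from now: negative means the date has passed.
    $fromDiff = New-TimeSpan -End $Certificate.NotBefore
    $fromColor = "Red"
    if ($fromDiff.TotalDays -lt 0) {
        $fromColor = "Green"
    }

    # Dim the UTC offset; [+-] also covers zones west of UTC.
    $offsetPattern     = "([+-][0-9]{2}:[0-9]{2})"
    $offsetReplacement = -join("$esc[90m", '$1', "$esc[0m")

    Write-Host "├ Valid from: " -Foreground Blue -NoNewline
    $dateFrom = $Certificate.NotBefore.toString("dd.MM.yyyy HH:mm K") -replace $offsetPattern, $offsetReplacement
    Write-Host $dateFrom -Foreground $fromColor

    $untilDiff = New-TimeSpan -End $Certificate.NotAfter
    $untilColor = "Red"
    if ($untilDiff.TotalDays -gt 30) {
        $untilColor = "Green"
    } elseif ($untilDiff.TotalDays -gt 14) {
        $untilColor = "Yellow"
    } elseif ($untilDiff.TotalDays -gt 0) {
        $untilColor = "DarkMagenta"
    }

    Write-Host "├ Valid until: " -Foreground Blue -NoNewline
    $dateUntil = $Certificate.NotAfter.toString("dd.MM.yyyy HH:mm K") -replace $offsetPattern, $offsetReplacement
    Write-Host $dateUntil -Foreground $untilColor

    # The SHA-1 thumbprint is shown as an identifier for comparing against a
    # known value; it says nothing about trust on its own.
    # Substring(6) drops the leading "<esc>[90m:" separator before the first byte.
    $thumb = ($Certificate.Thumbprint -replace "([A-F0-9]{2})", (-join("$esc[90m:$esc[36m", '$1', "$esc[0m"))).Substring(6)
    Write-Host "└ SHA1 Thumb: " -Foreground Blue -NoNewline
    Write-Host $thumb -Foreground DarkCyan

    if ($fromColor -eq "Red") {
        Write-Host "x Certificate is not yet valid!" -Foreground Red
    }

    if ($untilColor -eq "Red") {
        Write-Host "x Certificate is no longer valid!`nRenewal is required immediately!" -Foreground $untilColor
    } elseif ($untilColor -eq "Yellow") {
        Write-Host "o Certificate is going to expire in less than 30 days." -Foreground $untilColor
    } elseif ($untilColor -eq "DarkMagenta") {
        Write-Host "o Certificate is going to expire in less than 14 days.`nIt should be renewed as soon as possible." -Foreground $untilColor
    }

    if ($nameMismatch) {
        Write-Host "x Certificate does not match host name $($ComputerName)!" -Foreground Red
    }

    if (-not $certVerified) {
        Write-Host "x Certificate could not be verified!" -Foreground Red
    } elseif (-not $nameMismatch) {
        # Only report success when both the chain and the host name check out.
        Write-Host "o Certificate verified." -Foreground Green
    }
    Write-Host ""
} else {
    Write-Host "No ssl certificate was found for " -Foreground Red -NoNewline
    Write-Host "$($ComputerName):$($Port)" -Foreground Yellow
}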