Created
December 1, 2012 01:18
Dump information about expired certificates from the Windows Certificate Store
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
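namespace DumpExpiredCertificates
{
    /// <summary>
    /// Console tool that walks every <see cref="StoreName"/> in every <see cref="StoreLocation"/>
    /// of the Windows certificate store and prints metadata for each certificate that is
    /// outside its validity window (expired, or not yet valid).
    /// </summary>
    internal class Program
    {
        /// <summary>
        /// Enumerates all stores read-only, prints one record per out-of-window certificate,
        /// then prints totals and waits for Enter so the console window stays open.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        private static void Main(string[] args)
        {
            // Bill Wilder | @codingoutloud | Nov 2012
            // Original: https://gist.github.com/4179954
            var totalCerts = 0;
            var totalExpiredCerts = 0;
            var totalNotYetValidCerts = 0;
            var unreadableStores = 0;

            // One timestamp for the whole run, so every certificate is judged against the same instant.
            var nowUtc = DateTime.UtcNow;

            foreach (StoreLocation sl in Enum.GetValues(typeof(StoreLocation)))
            {
                Console.WriteLine("Store Location: {0}", sl);
                foreach (StoreName sn in Enum.GetValues(typeof(StoreName)))
                {
                    var store = new X509Store(sn, sl);
                    try
                    {
                        store.Open(OpenFlags.ReadOnly);
                    }
                    catch (CryptographicException ex)
                    {
                        // A store that cannot be read must not abort the whole audit; report it
                        // so the reader knows the totals below do not cover it.
                        unreadableStores++;
                        Console.WriteLine(" Store Location/Store Name: {0}/{1} could not be opened: {2}",
                                          store.Location, store.Name, ex.Message);
                        continue;
                    }

                    try
                    {
                        Console.WriteLine(" Store Location/Store Name: {0}/{1}",
                                          store.Location, store.Name);
                        foreach (X509Certificate2 c in store.Certificates)
                        {
                            totalCerts++;

                            // NotBefore/NotAfter are returned in local time; convert before comparing
                            // with UTC, otherwise the verdict is off by the machine's UTC offset.
                            var expired = c.NotAfter.ToUniversalTime() < nowUtc;
                            var notYetValid = c.NotBefore.ToUniversalTime() > nowUtc;
                            if (!expired && !notYetValid)
                            {
                                continue;
                            }

                            if (expired) totalExpiredCerts++;
                            if (notYetValid) totalNotYetValidCerts++;
                            DumpCertificate(store, c);
                        }
                    }
                    finally
                    {
                        // Release the store handle even if reading a certificate throws.
                        store.Close();
                    }
                }
            }

            Console.WriteLine("\nFor Operating System {0}...\n", Environment.OSVersion);
            Console.WriteLine("Of {0} total certificates, {1} are not YET valid, {2} have EXPIRED.",
                              totalCerts, totalNotYetValidCerts, totalExpiredCerts);
            if (unreadableStores > 0)
            {
                Console.WriteLine("{0} store(s) could not be opened and are not included in these totals.",
                                  unreadableStores);
            }
            Console.ReadLine();
        }

        // Prints the metadata record and the extension list for one certificate.
        private static void DumpCertificate(X509Store store, X509Certificate2 c)
        {
            Console.WriteLine("{0} {1}/{2} {0}",
                              new string('-', 15), store.Location, store.Name);

            // FriendlyName is a property the Windows store keeps alongside the certificate;
            // it is not part of the signed X.509 data, so it is shown only when set.
            var friendlyNameLine = String.IsNullOrEmpty(c.FriendlyName)
                ? ""
                : String.Format("\t[Store Friendly Name: {0}]\n", c.FriendlyName);

            // "Has private key?" matters when triaging: an out-of-window certificate whose
            // private key is still installed is key material that may need to be retired.
            Console.WriteLine("{0}" +
                              "\tCertificate Subject Name: {1}" +
                              "\n\t Has private key? {2} Is archived? {3}" +
                              "\n\t X.509 version: {4}" +
                              "\n\t Key algorithm: {5} Signature algorithm: {6}" +
                              "\n\t Issuer: {7}" +
                              "\n\t Invalid before: {8}" +
                              "\n\t Invalid after: {9}" +
                              "\n\t {10} extensions",
                              friendlyNameLine,
                              c.SubjectName.Name,
                              c.HasPrivateKey, c.Archived,
                              c.Version,
                              c.GetKeyAlgorithm(), c.SignatureAlgorithm,
                              c.IssuerName.Name,
                              c.NotBefore, c.NotAfter,
                              c.Extensions.Count);

            foreach (X509Extension ext in c.Extensions)
            {
                // Extensions the platform has no friendly name for would otherwise print blank;
                // fall back to the dotted OID value so they remain identifiable.
                var oidLabel = String.IsNullOrEmpty(ext.Oid.FriendlyName)
                    ? ext.Oid.Value
                    : ext.Oid.FriendlyName;
                Console.WriteLine("\t OID = {0} {1}", oidLabel,
                                  ext.Critical ? "[Critical]" : "");
            }
        }
    }
}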