Dump information about expired certificates from the Windows Certificate Store
using System;
using System.Security.Cryptography.X509Certificates;
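namespace DumpExpiredCertificates
{
    /// <summary>
    /// Console utility that reports certificates in the Windows certificate stores
    /// that are outside their validity period (expired or not yet valid).
    /// </summary>
    internal class Program
    {
        /// <summary>
        /// Walks every <see cref="StoreName"/> under every <see cref="StoreLocation"/>,
        /// prints metadata for each certificate that is expired or not yet valid, then
        /// prints summary counts and waits for Enter.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        private static void Main(string[] args)
        {
            // Iterates through all of the X.509 digital certificates installed in the certificate store
            // on a Windows operating system, dumping out some metadata about each certificate that is
            // outside its validity period. Each certificate, in each Certificate Store, from each
            // Certificate Location is examined.
            //
            // Bill Wilder | @codingoutloud | Nov 2012
            // Original: https://gist.github.com/4179954
            var totalCerts = 0;
            var totalExpiredCerts = 0;
            var totalNotYetValidCerts = 0;
            var unreadableStores = 0;

            // One timestamp for the whole run so every certificate is judged against the same instant.
            var nowUtc = DateTime.UtcNow;

            foreach (StoreLocation sl in Enum.GetValues(typeof(StoreLocation)))
            {
                Console.WriteLine(String.Format("Store Location: {0}", sl));
                foreach (StoreName sn in Enum.GetValues(typeof(StoreName)))
                {
                    var store = new X509Store(sn, sl);
                    try
                    {
                        store.Open(OpenFlags.ReadOnly);
                    }
                    catch (System.Security.Cryptography.CryptographicException ex)
                    {
                        // A store this account cannot read must not abort the whole audit, but it
                        // is counted and reported so a clean result is not mistaken for full coverage.
                        unreadableStores++;
                        Console.WriteLine(" Store Location/Store Name: {0}/{1} could not be opened: {2}",
                                          sl, sn, ex.Message);
                        continue;
                    }

                    try
                    {
                        Console.WriteLine(String.Format(" Store Location/Store Name: {0}/{1}",
                                                        store.Location, store.Name));
                        foreach (X509Certificate2 c in store.Certificates)
                        {
                            totalCerts++;

                            // NotBefore/NotAfter are returned in local time; convert to UTC before
                            // comparing, otherwise the result is wrong by the machine's UTC offset.
                            var expired = c.NotAfter.ToUniversalTime() < nowUtc;
                            var notYetValid = c.NotBefore.ToUniversalTime() > nowUtc;
                            if (!expired && !notYetValid)
                            {
                                continue;
                            }

                            // Certificate c has expired or not yet become valid
                            if (expired) totalExpiredCerts++;
                            if (notYetValid) totalNotYetValidCerts++;

                            Console.WriteLine(String.Format("{0} {1}/{2} {0}",
                                                            new string('-', 15), store.Location, store.Name));
                            Console.WriteLine("{0}" +
                                              "\tCertificate Subject Name: {1}" +
                                              "\n\t Has private key? {2} Is archived? {3}" +
                                              "\n\t X.509 version: {4}" +
                                              "\n\t Key algorithm: {5} Signature algorithm: {6}" +
                                              "\n\t Issuer: {7}" +
                                              "\n\t Invalid before: {8}" +
                                              "\n\t Invalid after: {9}" +
                                              "\n\t {10} extensions",
                                              // FriendlyName is a property the store keeps alongside the
                                              // certificate, not a field of the certificate itself.
                                              String.IsNullOrEmpty(c.FriendlyName)
                                                  ? ""
                                                  : String.Format("\t[Store Friendly Name: {0}]\n",
                                                                  c.FriendlyName),
                                              c.SubjectName.Name,
                                              c.HasPrivateKey, c.Archived,
                                              c.Version,
                                              c.GetKeyAlgorithm(), c.SignatureAlgorithm,
                                              c.IssuerName.Name,
                                              // Printed as returned by the API (local time).
                                              c.NotBefore, c.NotAfter,
                                              c.Extensions.Count);
                            foreach (X509Extension ext in c.Extensions)
                            {
                                // Extensions the platform has no friendly name for would otherwise
                                // print blank; fall back to the dotted OID value.
                                var oidLabel = String.IsNullOrEmpty(ext.Oid.FriendlyName)
                                                   ? ext.Oid.Value
                                                   : ext.Oid.FriendlyName;
                                Console.WriteLine("\t OID = {0} {1}", oidLabel,
                                                  ext.Critical ? "[Critical]" : "");
                            }
                        }
                    }
                    finally
                    {
                        // Release the store handle even if reading a certificate throws.
                        store.Close();
                    }
                }
            }

            Console.WriteLine("\nFor Operating System {0}...\n", Environment.OSVersion);
            Console.WriteLine("Of {0} total certificates, {1} are not YET valid, {2} have EXPIRED.",
                              totalCerts, totalNotYetValidCerts, totalExpiredCerts);
            if (unreadableStores > 0)
            {
                Console.WriteLine("{0} store(s) could not be opened and were not examined.",
                                  unreadableStores);
            }

            // Keep the console window open until the user presses Enter.
            Console.ReadLine();
        }
    }
}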