stephanlinke/PRTG-CheckCertificate

## PRTG-CheckCertificate

param(

     $ComputerName = "www.google.de",

     [Parameter(ValueFromPipelineByPropertyName=$true)]
     [int]$Port = 443
   )
   begin {
     $ProtocolNames = [System.Security.Authentication.SslProtocols] | gm -static -MemberType Property | ?{$_.Name -notin @("Default","None")} | %{$_.Name}
   }
   process {
     $ProtocolStatus = [Ordered]@{}
     $ProtocolStatus.Add("ComputerName", $ComputerName)
     $ProtocolStatus.Add("Port", $Port)
     $ProtocolStatus.Add("KeyLength", $null)
     $ProtocolStatus.Add("SignatureAlgorithm", $null)

     $ProtocolNames | %{
       $ProtocolName = $_
       $Socket = New-Object System.Net.Sockets.Socket([System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp)
       $Socket.Connect($ComputerName, $Port)
       try {
         $NetStream = New-Object System.Net.Sockets.NetworkStream($Socket, $true)
         $SslStream = New-Object System.Net.Security.SslStream($NetStream, $true)
         $SslStream.AuthenticateAsClient($ComputerName,  $null, $ProtocolName, $false )
         $RemoteCertificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]$SslStream.RemoteCertificate
         $ProtocolStatus["KeyLength"] = $RemoteCertificate.PublicKey.Key.KeySize
         $ProtocolStatus["SignatureAlgorithm"] = $RemoteCertificate.SignatureAlgorithm.FriendlyName
         $ProtocolStatus["Certificate"] = $RemoteCertificate
         $ProtocolStatus.Add($ProtocolName, $true)
       } catch  {
         $ProtocolStatus.Add($ProtocolName, $false)
       } finally {
         $SslStream.Close()
       }
     }

 $remaining = (New-TimeSpan -Start (Get-Date) -End ([PSCustomObject]$ProtocolStatus.Certificate.NotAfter))

 Write-Host ([string]::Format(@"
<prtg>
    <result>
    <channel>{0}</channel>
    <value>{1}</value>
    <unit>TimeSeconds</unit>
    </result>
    <text>Das Zertifikat von {2} wird am {3} um {4} auslaufen.</text>
</prtg>
"@, "Verbleibend", [math]::round($remaining.TotalSeconds), $ComputerName, [PSCustomObject]$ProtocolStatus.Certificate.NotAfter.ToShortDateString(), [PSCustomObject]$ProtocolStatus.Certificate.NotAfter.TimeOfDay))
 }

	param(

	$ComputerName = "www.google.de",

	[Parameter(ValueFromPipelineByPropertyName=$true)]
	[int]$Port = 443
	)
	begin {
	$ProtocolNames = [System.Security.Authentication.SslProtocols] \| gm -static -MemberType Property \| ?{$_.Name -notin @("Default","None")} \| %{$_.Name}
	}
	process {
	$ProtocolStatus = [Ordered]@{}
	$ProtocolStatus.Add("ComputerName", $ComputerName)
	$ProtocolStatus.Add("Port", $Port)
	$ProtocolStatus.Add("KeyLength", $null)
	$ProtocolStatus.Add("SignatureAlgorithm", $null)

	$ProtocolNames \| %{
	$ProtocolName = $_
	$Socket = New-Object System.Net.Sockets.Socket([System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp)
	$Socket.Connect($ComputerName, $Port)
	try {
	$NetStream = New-Object System.Net.Sockets.NetworkStream($Socket, $true)
	$SslStream = New-Object System.Net.Security.SslStream($NetStream, $true)
	$SslStream.AuthenticateAsClient($ComputerName, $null, $ProtocolName, $false )
	$RemoteCertificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]$SslStream.RemoteCertificate
	$ProtocolStatus["KeyLength"] = $RemoteCertificate.PublicKey.Key.KeySize
	$ProtocolStatus["SignatureAlgorithm"] = $RemoteCertificate.SignatureAlgorithm.FriendlyName
	$ProtocolStatus["Certificate"] = $RemoteCertificate
	$ProtocolStatus.Add($ProtocolName, $true)
	} catch {
	$ProtocolStatus.Add($ProtocolName, $false)
	} finally {
	$SslStream.Close()
	}
	}

	$remaining = (New-TimeSpan -Start (Get-Date) -End ([PSCustomObject]$ProtocolStatus.Certificate.NotAfter))

	Write-Host ([string]::Format(@"
	<prtg>
	<result>
	<channel>{0}</channel>
	<value>{1}</value>
	<unit>TimeSeconds</unit>
	</result>
	<text>Das Zertifikat von {2} wird am {3} um {4} auslaufen.</text>
	</prtg>
	"@, "Verbleibend", [math]::round($remaining.TotalSeconds), $ComputerName, [PSCustomObject]$ProtocolStatus.Certificate.NotAfter.ToShortDateString(), [PSCustomObject]$ProtocolStatus.Certificate.NotAfter.TimeOfDay))
	}