Get SSL Certificate Validity Dates with PowerShell

SSL certificates are a very crucial part of the website. They play a key role in securing the exchange of information on both client and server sides by activating an HTTPS secure connection. In the below article with the PowerShell, we will get the certificate validity date (starting and expiry date) for the certificate using PowerShell.

To achieve this, we need to make httpwebrequest but before that, we will ignore SSL warning by the below command.

[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

And then we wil make the HTTP web request by calling a .Net class.

$url = "https://www.microsoft.com/" $req = [Net.HttpWebRequest]::Create($url)

When we check the $req there are few properties displayed but as we are interested in the certificate date we will use the specific property ServicePoint to retrieve the related information.

$req.ServicePoint

The output of the above command.

PS C:\WINDOWS\system32> $req.ServicePoint BindIPEndPointDelegate :
ConnectionLeaseTimeout : -1
Address : https://www.microsoft.com/
MaxIdleTime : 100000
UseNagleAlgorithm : True
ReceiveBufferSize : -1
Expect100Continue : True
IdleSince : 23-06-2020 07:02:36
ProtocolVersion : 1.1
ConnectionName : https
ConnectionLimit : 2
CurrentConnections : 0
Certificate :
ClientCertificate :
SupportsPipelining : True

As you can see in the above property that certificate field is null so to retrieve the information, we need to use GetResponse() method.

$req.GetResponse()

The output of the above command.

IsMutuallyAuthenticated : False
Cookies : {}
Headers : {Pragma, X-Activity-Id, MS-CV, X-AppVersion...}
SupportsHeaders : True
ContentLength : -1
ContentEncoding :
ContentType : text/html; charset=utf-8
CharacterSet : utf-8
Server :
LastModified : 23-06-2020 07:06:44
StatusCode : OK
StatusDescription : OK
ProtocolVersion : 1.1
ResponseUri : https://www.microsoft.com/en-in/
Method : GET
IsFromCache : False

Now, we will run the previous command and check if we can retrieve the certificate information.

PS C:\WINDOWS\system32> $req.ServicePoint
BindIPEndPointDelegate :
ConnectionLeaseTimeout : -1
Address : https://www.microsoft.com/en-in/
MaxIdleTime : 100000
UseNagleAlgorithm : True
ReceiveBufferSize : -1
Expect100Continue : True
IdleSince : 23-06-2020 07:06:44
ProtocolVersion : 1.1
ConnectionName : https
ConnectionLimit : 2
CurrentConnections : 1
Certificate : System.Security.Cryptography.X509Certificates.X509Cer
tificate
ClientCertificate :
SupportsPipelining : True

Yes, we could retrieve the certificate information. You can use try/catch block in case the GetResponse() command throws an exception and that I will be using it in the final script. But for this moment, we are interested in retrieving certificate dates.

$req.ServicePoint.Certificate

You will see the output as shown below.

In the above output still, the dates are missing, so we will check if there are any properties or methods to retrieve dates. We will check the properties and methods available for the Date.

$req.ServicePoint.Certificate | gm | where{$_.Name -like "*Date*"}

TypeName: System.Security.Cryptography.X509Certificates.X509Certificate
 Name                       MemberType Definition
----                        ---------- ----------
GetEffectiveDateString      Method  string GetEffectiveDateString() GetExpirationDateString     Method string GetExpirationDateString()

Here we have both the methods to get the Expiration and Effective start date.

Start Date −

PS C:\WINDOWS\system32> $req.ServicePoint.Certificate.GetEffectiveDateString() 24-06-2019 06:25:35

End Date −

PS C:\WINDOWS\system32> $req.ServicePoint.Certificate.GetExpirationDateString() 22-10-2021 03:34:04

The entire script is mentioned as below.

[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$url = "https://www.microsoft.com/"
$req = [Net.HttpWebRequest]::Create($url)
$req.GetResponse() | Out-Null
$output = [PSCustomObject]@{
   URL = $url
   'Cert Start Date' = $req.ServicePoint.Certificate.GetEffectiveDateString()
   'Cert End Date' = $req.ServicePoint.Certificate.GetExpirationDateString()
}
$output

URL                         Cert Start Date             Cert End Date
 ---                        ---------------             -------------
https://www.microsoft.com/  26-06-2019 09:10:38      22-10-2021 03:34:04