Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/samerde/no-cert-left-behind

Pull a customizable report of expiring certificates directly from your ADCS Certificate Authorities.
https://github.com/samerde/no-cert-left-behind

active-directory active-directory-certificate-services hacktoberfest pki powershell powershell-script sysadmin sysadmin-tool

Last synced: 10 days ago
JSON representation

Pull a customizable report of expiring certificates directly from your ADCS Certificate Authorities.

Host: GitHub
URL: https://github.com/samerde/no-cert-left-behind
Owner: SamErde
License: mit
Created: 2023-07-21T19:58:33.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-09-17T16:09:35.000Z (about 2 months ago)
Last Synced: 2024-10-12T20:44:40.669Z (26 days ago)
Topics: active-directory, active-directory-certificate-services, hacktoberfest, pki, powershell, powershell-script, sysadmin, sysadmin-tool
Language: PowerShell
Homepage:
Size: 1.21 MB
Stars: 6
Watchers: 1
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # No Cert Left Behind

![Banner image: An old attic cluttered with a wooden chest and shelves full of old papers.](NoCertLeftBehind.jpg)

Image Credit: [Peter Herrmann](https://unsplash.com/@tama66) via Unsplash.

Generate a report of expiring certificates from your Active Directory Certificate Services Certificate Authority.

[![Codacy Badge](https://api.codacy.com/project/badge/Grade/92b18813ce1a4668b804be370fa004bb)](https://app.codacy.com/gh/SamErde/No-Cert-Left-Behind?utm_source=github.com&utm_medium=referral&utm_content=SamErde/No-Cert-Left-Behind&utm_campaign=Badge_Grade)

This script checks ADCS Certificate Authorities for issued certificate requests that are expiring in the next 45 days. Specify a list of the template names that you want to check, and it will translate that to their OIDs, find expiring certs using those templates, and then send a report as directed. It is recommended to ignore certain templates that are always automatically renewed by computer and users.

Depends on the [PSPKI module](https://www.powershellgallery.com/packages/PSPKI) and the AD Certificate Services RSAT feature.

To Do:

- [ ] Add checks for prerequisites

- [ ] Turn into function(s)

- [ ] Take parameters for recipients and report output type

- [ ] Get CAs in all domains in AD forest

- [ ] Add error handling

- [ ] Show all template names (and optionally use Out-GridView/Out-ConsoleGridView to select desired templates)

- [ ] Use OGV to generate a text file containing templates and then use that file as list of monitored certificate templates for expiring certificates report