Trying to make an for each if loop that checks to see if a certificate is soon expiring

Time:09-21

I am trying to make a PowerShell script that will check Azure Application Proxy certificates.

What I want to accomplish is that the script will show when a certificate is less than 30 days before expiring.

I have this so far

$aadapServPrinc = Get-AzureADServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}  
$allApps = Get-AzureADApplication -Top 100000 
$aadapApp = $aadapServPrinc | ForEach-Object { $allApps -match $_.AppId} 

Write-Host "Displaying all custom domain Azure AD Application Proxy applications and the uploaded certificates..." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "

# Get the list of SSL certificates assigned Azure AD Application Proxy applications

[string[]]$certs = $null



foreach ($item in $aadapApp) { 
    
    $tempApps = Get-AzureADApplicationProxyApplication -ObjectId $item.ObjectId
    $certs += $tempApps.VerifiedCustomDomainCertificatesMetadata   # accumulate across all apps instead of overwriting each iteration
    $certsexpire = $tempApps.VerifiedCustomDomainCertificatesMetadata.ExpiryDate

    If ($tempApps.VerifiedCustomDomainCertificatesMetadata -match "class") {  }     
}  


Write-Host ("")
Write-Host ("Used certificates: ")
Write-Host ("")

$certs | Sort-Object | Get-Unique 

This will list the certificates.

I have tried making a simple Get-Date, and converting it to UTC etc. $tempApps.VerifiedCustomDomainCertificatesMetadata.ExpiryDate will output like this: 3/14/2022 10:59:00 PM

I have tried something like this

$Today = Get-Date
$ExpiryDate = $tempApps.VerifiedCustomDomainCertificatesMetadata.ExpiryDate
[Datetime]$ExpiryDate = $ExpiryDate
$Diff = New-TimeSpan -Start $Today -End $ExpiryDate

I want my output to be like this: Used certificates: Show all certificates being used

If ($Diff.Days -lt 30) show which certificate is soon to expire.

CodePudding user response:

This PowerShell script example exports all app registrations secrets and certificates expiring beyond a required period for the specified apps from your directory in a CSV file non-interactively.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/scripts/powershell-export-apps-with-secrets-beyond-required

CodePudding user response:

First, do not make $certs a string array (i.e., [string[]]$certs = $null). By doing this we limit the amount of data available to use later in the script. Instead we should initialize it as an empty array by setting it equal to @(), which is called the array sub-expression operator.

$certs = @()

This allows us to add any type of object to it. Doing this will allow us to capture full VerifiedCustomDomainCertificatesMetadata objects later instead of just their ToString() value.

Now that we've done this the objects captured in $certs will already have the ExpiryDate property so you do not need to keep track of this separately in another variable. $certs should be an array of MetaDataObjects. At the end when you want to view which certs are going to expire within 30 days you can just loop through the certs and check their ExpiryDate properties.

You can use the below code which uses Where-Object to do this. Inside the Where-Object FilterScript block $_ is used to access the current item being processed from the pipeline. We are checking if this object's ExpiryDate is greater than today's date - 30 days. If it is it will be outputted to the screen. Each object (cert) will be processed in this manner leaving you with a list of certs that will be expiring in the next 30 days.

$certs | Where-Object { $_.ExpiryDate -le [datetime]::Today.AddDays(30) }   # keeps certs whose ExpiryDate falls within the next 30 days (or is already past)

It is at this point where you can cast the objects to string to convert them to their string representation if that is what you want. Foreach-Object can be used for this. Similar to Where-Object, we provide Foreach-Object with a scriptblock (called a process block for Foreach-Object) where action can be taken on each object using $_.

$certs | 
    Where-Object { $_.ExpiryDate -le [datetime]::Today.AddDays(30) } | 
        Foreach-Object { [string]$_ }
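One way to carry the answer's approach through end to end (collect full metadata objects, de-duplicate them, then flag anything expiring within a window), as an added example that is not part of the original question or answers. It assumes only the property names the page shows or implies on VerifiedCustomDomainCertificatesMetadata (ExpiryDate, plus Thumbprint and SubjectName, which are assumed here), and the input is constructed so the script runs offline without the AzureAD module:

```powershell
# Added example, not from the original question or answers. Assumes the metadata
# objects expose ExpiryDate, Thumbprint and SubjectName; sample input is constructed.

function Get-ExpiringCertificate {
    [CmdletBinding()]
    param(
        # Certificate metadata objects, e.g. from VerifiedCustomDomainCertificatesMetadata
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$CertificateMetadata,

        # Report certificates that expire within this many days
        [int]$WithinDays = 30,

        # Reference time; ExpiryDate on the page is shown in UTC, so compare in UTC
        [datetime]$Now = (Get-Date).ToUniversalTime()
    )
    process {
        foreach ($cert in $CertificateMetadata) {
            # Cast so the check works whether ExpiryDate arrives as a DateTime or a string
            $expiry   = [datetime]$cert.ExpiryDate
            $daysLeft = [int][math]::Floor(($expiry - $Now).TotalDays)

            # Already-expired certificates have a negative DaysLeft and are reported too;
            # filtering them out would hide the worst case.
            if ($daysLeft -le $WithinDays) {
                [pscustomobject]@{
                    Thumbprint  = $cert.Thumbprint
                    SubjectName = $cert.SubjectName
                    ExpiryDate  = $expiry
                    DaysLeft    = $daysLeft
                    Status      = $(if ($daysLeft -lt 0) { 'EXPIRED' } else { 'EXPIRING' })
                }
            }
        }
    }
}

# --- Constructed sample input (stand-in for the Azure AD objects) ------------------
$referenceNow = [datetime]::new(2022, 2, 20, 0, 0, 0, [System.DateTimeKind]::Utc)

$sampleCerts = @(
    [pscustomobject]@{ Thumbprint = 'THUMB-A'; SubjectName = 'CN=app1.example.test'; ExpiryDate = '3/14/2022 10:59:00 PM' }
    [pscustomobject]@{ Thumbprint = 'THUMB-A'; SubjectName = 'CN=app1.example.test'; ExpiryDate = '3/14/2022 10:59:00 PM' }  # same cert on a second app
    [pscustomobject]@{ Thumbprint = 'THUMB-B'; SubjectName = 'CN=app2.example.test'; ExpiryDate = '12/31/2022 11:59:00 PM' }
    [pscustomobject]@{ Thumbprint = 'THUMB-C'; SubjectName = 'CN=old.example.test';  ExpiryDate = '1/1/2022 12:00:00 AM' }
)

# Get-Unique compares objects by reference, so de-duplicate on the thumbprint instead
$report = $sampleCerts |
    Sort-Object -Property Thumbprint -Unique |
    Get-ExpiringCertificate -WithinDays 30 -Now $referenceNow

$report | Sort-Object -Property DaysLeft | Format-Table -AutoSize

# With the AzureAD module, feed the live metadata the same way (assumes $aadapApp from
# the question is already populated):
# $aadapApp |
#     ForEach-Object { (Get-AzureADApplicationProxyApplication -ObjectId $_.ObjectId).VerifiedCustomDomainCertificatesMetadata } |
#     Sort-Object -Property Thumbprint -Unique |
#     Get-ExpiringCertificate -WithinDays 30
```

The comparison is done against a fixed reference time passed in as a parameter rather than Get-Date inside the function, which keeps the check deterministic and makes the "already expired" branch easy to exercise; in a scheduled run, leave the parameter at its default.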