| Author | Chrissy LeMaire (@cl), netnerds.net |
| Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Test-DbaComputerCertificateExpiration on GitHub.
Want to see the Bill Of Health for this command? Check out Test-DbaComputerCertificateExpiration.
Tests for certificates that are expiring soon
Tests for certificates that are expiring soon
By default, it tests candidates that are ideal for using with SQL Server's network encryption
Test-DbaComputerCertificateExpiration
[[-ComputerName] <DbaInstanceParameter[]>]
[[-Credential] <PSCredential>]
[[-Store] <String[]>]
[[-Folder] <String[]>]
[[-Type] <String>]
[[-Path] <String>]
[[-Thumbprint] <String[]>]
[[-Threshold] <Int32>]
[-EnableException]
[<CommonParameters>]
PS C:\> Test-DbaComputerCertificateExpiration
Gets computer certificates on localhost that are candidates for using with SQL Server's network encryption then checks to see if they'll be expiring within 30 days
PS C:\> Test-DbaComputerCertificateExpiration -ComputerName sql2016 -Threshold 90
Gets computer certificates on sql2016 that are candidates for using with SQL Server's network encryption then checks to see if they'll be expiring within 90 days
PS C:\> Test-DbaComputerCertificateExpiration -ComputerName sql2016 -Thumbprint 8123472E32AB412ED4288888B83811DB8F504DED, 04BFF8B3679BB01A986E097868D8D494D70A46D6
Gets computer certificates on sql2016 that match thumbprints 8123472E32AB412ED4288888B83811DB8F504DED or 04BFF8B3679BB01A986E097868D8D494D70A46D6 then checks to see if they'll be expiring within 30
days
The target SQL Server instance or instances. Defaults to localhost. If target is a cluster, you must specify the distinct nodes.
| Alias | |
| Required | False |
| Pipeline | true (ByValue) |
| Default Value | $env:COMPUTERNAME |
Allows you to login to $ComputerName using alternative credentials.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Certificate store - defaults to LocalMachine
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | LocalMachine |
Certificate folder - defaults to My (Personal)
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | My |
The type of certificates to return. All, Service or SQL Server.
All is all certificates
Service is certificates that are candidates for SQL Server services (But may be for IIS, etc)
SQL Server is certificates currently in use by SQL Server
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | Service |
| Accepted Values | All,Service,SQL Server |
The path to a certificate - basically changes the path into a certificate object
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Return certificate based on thumbprint
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Number of days before expiration to warn. Defaults to 30.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | 30 |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |