commands

^

Test-DbaComputerCertificateExpiration

Author Chrissy LeMaire (@cl), netnerds.net
Availability Windows only

 

Synopsis

Tests for certificates that are expiring soon

Description

Tests for certificates that are expiring soon

By default, it tests candidates that are ideal for using with SQL Server's network encryption

Syntax

Test-DbaComputerCertificateExpiration
    [[-ComputerName] <DbaInstanceParameter[]>]
    [[-Credential] <PSCredential>]
    [[-Store] <String[]>]
    [[-Folder] <String[]>]
    [[-Type] <String>]
    [[-Path] <String>]
    [[-Thumbprint] <String[]>]
    [[-Threshold] <Int32>]
    [-EnableException]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Test-DbaComputerCertificateExpiration

Gets computer certificates on localhost that are candidates for using with SQL Server's network encryption then checks to see if they'll be expiring within 30 days

Example: 2
PS C:\> Test-DbaComputerCertificateExpiration -ComputerName sql2016 -Threshold 90

Gets computer certificates on sql2016 that are candidates for using with SQL Server's network encryption then checks to see if they'll be expiring within 90 days

Example: 3
PS C:\> Test-DbaComputerCertificateExpiration -ComputerName sql2016 -Thumbprint 8123472E32AB412ED4288888B83811DB8F504DED, 04BFF8B3679BB01A986E097868D8D494D70A46D6

Gets computer certificates on sql2016 that match thumbprints 8123472E32AB412ED4288888B83811DB8F504DED or 04BFF8B3679BB01A986E097868D8D494D70A46D6 then checks to see if they'll be expiring within 30
days

Optional Parameters

-ComputerName

The target SQL Server instance or instances. Defaults to localhost. If target is a cluster, you must specify the distinct nodes.

Alias
Required False
Pipeline true (ByValue)
Default Value $env:COMPUTERNAME
-Credential

Allows you to login to $ComputerName using alternative credentials.

Alias
Required False
Pipeline false
Default Value
-Store

Certificate store - defaults to LocalMachine

Alias
Required False
Pipeline false
Default Value LocalMachine
-Folder

Certificate folder - defaults to My (Personal)

Alias
Required False
Pipeline false
Default Value My
-Type

The type of certificates to return. All, Service or SQL Server. All is all certificates Service is certificates that are candidates for SQL Server services (But may be for IIS, etc) SQL Server is certificates currently in use by SQL Server

Alias
Required False
Pipeline false
Default Value Service
Accepted Values All,Service,SQL Server
-Path

The path to a certificate - basically changes the path into a certificate object

Alias
Required False
Pipeline false
Default Value
-Thumbprint

Return certificate based on thumbprint

Alias
Required False
Pipeline false
Default Value
-Threshold

Number of days before expiration to warn. Defaults to 30.

Alias
Required False
Pipeline false
Default Value 30
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False

 

Want to see the source code for this command? Check out Test-DbaComputerCertificateExpiration on GitHub.
Want to see the Bill Of Health for this command? Check out Test-DbaComputerCertificateExpiration.