How to Check for Expiring Certificates in PowerShell

This one I’m saving for later. Don’t confuse this with actually managing certificates via the PKI module. This is really about finding information on certificates already deployed.

First of all, remember that Cert:\ is a PS drive. Try something like this when you open a PS prompt:

cd cert:\
cd currentuser\my
dir

PS C:\> cd cert:\
PS Cert:\> cd currentuser\my
PS Cert:\currentuser\my> dir

    Directory: Microsoft.PowerShell.Security\Certificate::currentuser\my

Thumbprint                               Subject                     
----------                               -------

So with that in mind, you can do the typical kind of listing/sorting/displaying. One of the interesting switches that shows up when you’re in the certificates drive is the –ExpiringInDays. This is extremely useful if you’re trying to get a return of certificates that are about to expire (think alerting.)

get-childitem -path Cert:\CurrentUser\My -ExpiringInDays 180

By doing this, you can treat this as a boolean return. If something pops up, fire an alert.