Create an Alert or Report for DP cert?

[xerxes2985]

Good afternoon,

Is there a built-in Alert or Report (or one that can be made simply enough) to send an email (or notify in the console) that the Distribution Point certificate is expiring within 30 days? Is this possible?

Thanks!

Jesse

[Peter33]

Hello Jesse,

 

i just put that idea into a tiny script because that is something i will be end up using too. So thank's for the idea.

Just create a daily scheduled task that runs the script.

#####################################################################################################################
$rserver = 'smtprelay.mydomain' # your smtp relay server
$rport = '25' # your smtp relay server port
$from = 'sccm@mydomain' # make sure to edit mydomain
$to = 'my.name@mydomain' # your email address here
$subject = "IIS Certificate of $env:COMPUTERNAME expires soon"
$body = "The IIS certificate of $env:COMPUTERNAME is about to expire soon (xxx). Time to wake up mate."
$ipport = '0.0.0.0:443' # modify if you need to
$days = '30' # grace period before the script starts bothering you
######################################################################################################################

$warn = (Get-Date).AddDays($days)
$cmd = [string]"& netsh http show sslcert ipport={0}" -f $ipport
$certhash = (((Invoke-Expression $cmd | Where-Object {$_ -match 'Certificate Hash'}) -split ':')[1]).trim()
$cert = Get-ChildItem Cert:\LocalMachine\My -ErrorAction SilentlyContinue | Where-Object {$_.Thumbprint -eq $certhash}
$certexpire = $cert.NotAfter
if($certexpire -le $warn){
  $body = $body -replace 'xxx', $cert.NotAfter
  Send-MailMessage -SmtpServer $rserver -Port $rport -Subject $subject -From $from -To $to -Body $body
}

So long

Peter