Using CertUtil to display certificates which will expire in a given date range

There are a number of articles online which give the syntax for filtering certutil’s output; however, they never seem to work for me with 2008 and 2008 R2 certificate servers. The following command works for 2008 and 2008 R2 servers and filters on a date range as well as a certificate template. I find that filtering on the certificate template as well as dates is really handy when different teams are responsible for different templates.

certutil -view -restrict "NotAfter>=01/10/2012 1:00 a.m.,NotAfter<=01/07/2013 1:00 a.m.,certificatetemplate=1.3.6.1.4.1.311.21.8.10618822.7602061.4000098.14529975.1041655.1.7250419.9462924" -out "RequestID,NotBefore,NotAfter,CertificateTemplate,CommonName" | more 

Note that this command uses the certificate template OID rather than the display name. In the certsrv MMC you can get the OID by navigating to the Certificate Templates node.
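
The same query as a reusable script, as an added example that is not part of the original post: it builds the restriction from a date window and a template OID, asks certutil for CSV output, and lists the matches soonest expiry first. The parameter names, the 90-day default window, and the assumption that certutil accepts and prints dates in the current culture's format are assumptions of this example.

```powershell
# Added example, not from the original post. Run where certutil can reach the CA.
param(
    [Parameter(Mandatory=$true)]
    [ValidatePattern('^\d+(\.\d+)+$')]   # digits and dots only, so the value cannot add extra restrictions
    [string]$TemplateOid,
    [datetime]$From = (Get-Date),
    [datetime]$To   = (Get-Date).AddDays(90)   # assumed default window
)

# Assumption: certutil reads dates in the current culture's format, as in the command above.
$restrict = 'NotAfter>={0},NotAfter<={1},certificatetemplate={2}' -f $From.ToString('g'), $To.ToString('g'), $TemplateOid
$columns  = 'RequestID,NotBefore,NotAfter,CertificateTemplate,CommonName'

# The trailing "csv" verb makes certutil emit one comma-separated row per certificate.
$raw = & certutil.exe -view -restrict $restrict -out $columns csv
if ($LASTEXITCODE -ne 0) { throw "certutil failed ($LASTEXITCODE): $raw" }

# Skip certutil's own header row and name the columns after the -out list.
$raw | Select-Object -Skip 1 |
    ConvertFrom-Csv -Header RequestID, NotBefore, NotAfter, Template, CommonName |
    Select-Object RequestID, CommonName, Template,
        @{ Name = 'NotAfter'; Expression = { [datetime]::Parse($_.NotAfter) } },
        @{ Name = 'DaysLeft'; Expression = { [int]([datetime]::Parse($_.NotAfter) - (Get-Date)).TotalDays } } |
    Sort-Object NotAfter
```

Pass the OID shown in the certsrv MMC as -TemplateOid; the output objects can be piped to Export-Csv or Format-Table for the team that owns the template.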
