0

need help with Powershell. We need to find server certificate expiration using powershell. These are weblogic console Urls. The URLs have context and port like https://server:7020/context . If I browse URL without context, I get error -

Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found

I have tried with following code -

Try{
$Conn = New-Object 

System.Net.Sockets.TcpClient($WebsiteURL,$WebsitePort)

Try {
$Stream = New-Object 

System.Net.Security.SslStream($Conn.GetStream(),$false, {

param($sender, $certificate, $chain, $sslPolicyErrors)
return $true
})
$Stream.AuthenticateAsClient($CommonName)

If I try a server without context it gives following error -

A call to SSPI failed, see inner exception.

What are commands and options to query in powershell? Any help is appreciated.

Improve this question
4
  • The path stem ("context") won't have any bearing on the certificate being presented, so you only need to worry about changing the port - maybe show us an example of what you've tried/failed to do? Commented Aug 7, 2020 at 14:38
  • Updated the original post. When tried on browser, do not see a response without a context. Using powershell get above error. Commented Aug 11, 2020 at 11:05
  • The error is caused by mismatching TLS versions. Presumably, your server is using TLS 1.2 - set your PS session to match at the start of your script with [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Commented Aug 11, 2020 at 15:04
  • Thanks CrookedJ.. The issue was with TLS 1.2. Need to update the script. Commented Aug 12, 2020 at 12:43

1 Answer 1

Reset to default
4

Using Get-RemoteSslCertificate from jstangroome you can simply run the following to return the expiration.

(Get-RemoteSslCertificate -ComputerName server -Port 7020).NotAfter

The Get-RemoteSslCertificate function:

function Get-RemoteSslCertificate {
    # Author: jstangroome https://gist.github.com/jstangroome/5945820
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [string]
        $ComputerName,
    
        [int]
        $Port = 443
    )
    
    $Certificate = $null
    $TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient
    try {
    
        $TcpClient.Connect($ComputerName, $Port)
        $TcpStream = $TcpClient.GetStream()
    
        $Callback = { param($sender, $cert, $chain, $errors) return $true }
    
        $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList @($TcpStream, $true, $Callback)
        try {
    
            $SslStream.AuthenticateAsClient('')
            $Certificate = $SslStream.RemoteCertificate
    
        } finally {
            $SslStream.Dispose()
        }
    
    } finally {
        $TcpClient.Dispose()
    }
    
    if ($Certificate) {
        if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
            $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
        }
    
        Write-Output $Certificate
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Looks good. But does not help if we have to context.
That's not how HTTPS works, context is entirely unnecessary.
Thanks CrookedJ.. The issue was with TLS 1.2. Need to update the script.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.