Friday 9 September 2022

PKI Expired Certificate Cleanup Script

# $Date below defines our certificate retention period.

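# Date stamp (dd-MM-yyyy) used in the name of the per-run deletion log.
$FileName = (Get-Date).ToString("dd-MM-yyyy")

# Retention cut-off: rows whose NotBefore is on or before this day (375 days
# ago) are selected. ToShortDateString() is culture-dependent; this assumes
# certutil parses the date with the same regional settings - confirm on the CA.
$Date = (Get-Date).AddDays(-375).ToShortDateString()

# Disposition values:
#   20 certificate was issued
#   21 certificate is revoked
#   30 certificate request failed
#   31 certificate request is denied
#
# Collect the request IDs to act on. The restriction selects Disposition=30
# (failed requests) only; issued (20) and revoked (21) rows are not matched by
# this query. findstr /v filters out the "Issued Request ID" CSV header line.
$CollectRow = certutil.exe -view -restrict "Disposition=30,notbefore<=$Date" -out Requestid csv | findstr.exe /v "Issued Request ID"

# NOTE(review): the " + " sits inside the quoted string, so it is part of the
# file name as written. Kept unchanged so existing logs keep their names.
$LogPath = "C:\CAClearLog\$FileName + CAResult-log.txt"

foreach ($DelCert in $CollectRow) {

    # Only a bare numeric request ID is handed to -deleterow. Blank lines or
    # any certutil status/error text that slipped through the findstr filter
    # are skipped instead of being used as a delete argument.
    $RowId = "$DelCert".Trim()
    if ($RowId -notmatch '^\d+$') {
        continue
    }

    Certutil -deleterow $RowId Request

    # The log is the audit trail for removals from the CA database, so record
    # the real outcome rather than assuming the delete succeeded.
    if ($LASTEXITCODE -eq 0) {
        $CALog = "$RowId Successfully Deleted"
    }
    else {
        $CALog = "$RowId Delete FAILED (certutil exit code $LASTEXITCODE)"
    }

    $CALog | Out-File $LogPath -Append
}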

PKI Certificate Cleanup from Issuing Authority

 <# 

.Description 

    This script deletes the certificates listed in the input file.

#>


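# Deletes from the CA database the Request-table rows named in the input file,
# one entry per line.
#
# NOTE(review): every non-blank line of this file is passed to
# "certutil -deleterow", so whoever can write C:\temp\row1.txt decides what is
# removed from the CA database. Confirm the file's ACL limits write access to
# CA administrators before running.
$ExpiredCertficates = Get-Content C:\temp\row1.txt

foreach ($ExpiredCertficate in $ExpiredCertficates) {

    # Skip blank lines so an empty value is never passed to certutil.
    if ([string]::IsNullOrWhiteSpace($ExpiredCertficate)) {
        continue
    }

    # Drop stray leading/trailing whitespace from hand-edited input.
    $Row = $ExpiredCertficate.Trim()

    Certutil -deleterow $Row Request

    Write-Host "Deleting Certificate $Row"

    # Surface a failed delete instead of letting it pass silently.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil -deleterow failed for $Row (exit code $LASTEXITCODE)"
    }
}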


PKI Certificate Report

<#

.Description

    Exports a CSV report of issued certificates (Disposition=20) whose
    NotAfter date is on or before the date given in the restriction.

#>

# NOTE(review): the cut-off date is hard-coded, and 12/1/2019 reads as
# 1 December or 12 January depending on regional settings - confirm how
# certutil interprets it on the CA host.
$Restriction = 'disposition=20,NotAfter<=12/1/2019'

# Columns written to the report, in output order.
$Columns = 'RequestID,RequesterName,NotBefore,NotAfter,Disposition,Request.RequestID,Issued Email Address'

# NOTE(review): the report holds requester names and e-mail addresses; confirm
# that C:\temp is not readable by ordinary users on this host.
certutil.exe -view -restrict $Restriction -out $Columns csv > C:\temp\Issued_Validation.csv