Home » PowerShell » Get Certificate Expiration Date in PowerShell

Get Certificate Expiration Date in PowerShell

Use the Get-ChildIem cmdlet to get the certificate expiration date in PowerShell.It uses the Path parameter to accept the certification store location path to retrieve all certificates.

Certificates are important as part of security for applications or websites, hence it is important to know when they are set to expire.

The Get-ChildItem cmdlet in PowerShell is used to retrieve the items from the specified location. Certificates are stored in CurrentUser and LocalMachine locations.

In this article, we will discuss how to get the certificate expiration date in PowerShell.

Retrieve Windows Certification Location Using PowerShell

To get the certification store location in Windows OS, run the following PowerShell command.

 Get-ChildItem -Path Cert:\* 

In the above PowerShell script, the Get-ChildItem command uses the Path parameter to specify the certificate location. It retrieves the list of all certification store locations available in Windows.

The output of the above PowerShell to check and retrieve the certificate store location is:

Retrieve Certificate Store Location in Windows
Retrieve Certificate Store Location in Windows

The above PowerShell script gets CurrentUser Certification Store and LocalMachine Store location.

LocalMachine certificate store is located in the registry under the HKEY_LOCAL_MACHINE root.

The CurrentUser certificate store is located in the registry under the HKEY_CURRENT_USER root.

Get Certificate Expiration Date

Use the Get-ChildItem cmdlet in PowerShell to retrieve the certificate’s due date.

In the following example, it gets the list of all the certificates from the LocalMachine store along with their expiration date, thumbprint, and friendly name.

Get-ChildItem -Path Cert:\LocalMachine\My\ | Select Thumbprint,FriendlyName,NotAfter, NotBefore 

In the above PowerShell script, the Get-ChildItem command uses the Path parameter to specify the LocalMachine\My certification store location path and retrieves all certificates’ expiration dates, FriendlyName, and Thumbprint of the certificates.

NotAfter property of the certificate is used to get the certificate expiry date. It returns the date and time of the certificate when they are set to expire or is no longer valid.

The output of the above PowerShell script to fetch all the certificates from the LocalMachine store and obtain their expiration date is:

PowerShell Get Certificate Expiration Date
PowerShell Get Certificate Expiration Date

Cool Tip: How to check SSL certificate expiration date in PowerShell!

Conclusion

I hope the above article on how to retrieve certificates from the certification store and get the certificate expiration date using the Get-ChildItem cmdlet is helpful to you.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.