Ignore Certificate Errors

This page summarizes the projects mentioned and recommended in the original post on /r/PowerShell

  • CertMon

    A simple example of using GitHub Actions with PowerShell and Pester to monitor certificates on a list of web servers.

  • badssl.com

    Memorable site for testing clients against bad SSL configs.

  • Test-Uri

    function Test-Uri {
        <#
        .DESCRIPTION
        This cmdlet tests a URI for connectivity, and checks whether the TLS certificate is valid, expired, expiring soon, and returns information about the certificate when used with InformationLevel 'Detailed'.

        .PARAMETER Uri
        Specifies an HTTP/HTTPS URI. For example, https://www.powershellgallery.com

        .PARAMETER InformationLevel
        Specifies whether to return detailed information, or a simple $true or $false.

        .EXAMPLE
        Test-Uri https://badssl.com/

        Returns a detailed TestUriResult with an IsTrusted property value of $true under normal circumstances.

        .EXAMPLE
        Test-Uri https://badssl.com/ -InformationLevel Quiet

        Returns a value of $true under normal circumstances.

        .EXAMPLE
        Test-Uri https://expired.badssl.com/

        Returns a detailed TestUriResult with an IsExpired property value of $true

        .EXAMPLE
        Test-Uri https://tls-v1-1.badssl.com:1011/ -SslProtocol Tls11

        Returns a detailed TestUriResult where IsTrusted and UriTestSucceeded are $true, because we've specified to use SslProtocol Tls11.

        .EXAMPLE
        Test-Uri https://tls-v1-1.badssl.com:1011/

        Returns a detailed TestUriResult where IsTrusted and UriTestSucceeded are $false, because only Tls12 and Tls13 are trusted by default.
        #>
        [CmdletBinding()]
        param (
            [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName, Position = 0)]
            [uri[]]
            $Uri,

            [Parameter()]
            [System.Security.Authentication.SslProtocols[]]
            $SslProtocol = @([System.Security.Authentication.SslProtocols]::Tls12, [System.Security.Authentication.SslProtocols]::Tls13),

            [Parameter()]
            [ValidateSet('Detailed', 'Quiet')]
            [string]
            $InformationLevel = 'Detailed'
        )

        process {
            # Combine the trusted protocols into a single flags value.
            [System.Security.Authentication.SslProtocols]$trustedProtocols = 0
            $SslProtocol | ForEach-Object { $trustedProtocols = $trustedProtocols -bor $_ }

            foreach ($address in $Uri) {
                $result = [pscustomobject]@{
                    PSTypeName        = 'TestUriResult'
                    Uri               = $address
                    RemoteAddress     = $null
                    RemotePort        = $null
                    SourceAddress     = $null
                    RemoteCertificate = $null
                    CipherAlgorithm   = $null
                    HashAlgorithm     = $null
                    SslProtocol       = $null
                    TcpTestSucceeded  = $false
                    UriTestSucceeded  = $false
                    IsExpired         = $false
                    IsExpiring        = $false
                    IsTrusted         = $false
                }

                try {
                    $tcpClient = [net.sockets.tcpclient]::new($address.Host, $address.Port)
                    $result.TcpTestSucceeded = $true
                    $result.RemoteAddress = $tcpClient.Client.RemoteEndPoint.Address
                    $result.RemotePort = $tcpClient.Client.RemoteEndPoint.Port
                    $result.SourceAddress = $tcpClient.Client.LocalEndPoint.Address

                    if ($address.Scheme -eq 'https') {
                        $stream = $tcpClient.GetStream()

                        # The validation callback always returns $true, so the handshake
                        # completes even when the certificate is invalid. The certificate
                        # is evaluated separately below and reported in the result.
                        $sslStream = [net.security.sslstream]::new($stream, $false, { $true })

                        # Offer every SSL/TLS version so the negotiated protocol can be
                        # reported and compared against $trustedProtocols.
                        $protocols = 0
                        [enum]::GetValues([System.Security.Authentication.SslProtocols]) |
                            Where-Object { $_ -match '(Ssl|Tls)' } |
                            ForEach-Object { $protocols = $protocols -bor $_ }

                        $sslStream.AuthenticateAsClient($address.Host, $null, $protocols, $true)
                        $certInfo = [security.cryptography.x509certificates.x509certificate2]::new($sslStream.RemoteCertificate)

                        $result.SslProtocol = $sslStream.SslProtocol
                        $result.RemoteCertificate = $certInfo
                        $result.CipherAlgorithm = $sslStream.CipherAlgorithm
                        $result.HashAlgorithm = $sslStream.HashAlgorithm
                        $result.IsExpired = $certInfo.NotAfter -le (Get-Date)
                        $result.IsExpiring = $certInfo.NotAfter -le (Get-Date).AddDays(30)

                        # Verify() performs basic chain validation only; it does not check
                        # that the certificate's name matches $address.Host.
                        $result.IsTrusted = $certInfo.Verify() -and ($sslStream.SslProtocol -band $trustedProtocols)
                        $result.UriTestSucceeded = $result.IsTrusted -and !$result.IsExpired -and ($sslStream.SslProtocol -band $trustedProtocols)

                        if (-not ($sslStream.SslProtocol -band $trustedProtocols)) {
                            Write-Warning "The transport layer security protocol $($sslStream.SslProtocol) is not in the list of trusted protocols: $trustedProtocols."
                        }

                        if ($result.IsExpired) {
                            Write-Warning "Certificate for '$address' is expired. Subject='$($result.RemoteCertificate.Subject)'; NotAfter='$($result.RemoteCertificate.NotAfter.ToString('o'))'"
                        }
                        elseif ($result.IsExpiring) {
                            Write-Warning "Certificate for '$address' expires in 30 days or less. Subject='$($result.RemoteCertificate.Subject)'; NotAfter='$($result.RemoteCertificate.NotAfter.ToString('o'))'"
                        }
                    }
                }
                catch {
                    Write-Error -ErrorRecord $_
                }
                finally {
                    if ($sslStream) { $sslStream.Dispose() }
                    if ($stream) { $stream.Dispose() }
                    if ($tcpClient) { $tcpClient.Dispose() }
                }

                if ($InformationLevel -eq 'Quiet') {
                    $result.UriTestSucceeded
                }
                else {
                    $result
                }
            }
        }
    }
