This simple command-line application takes all website URL's in a text config file and check if the certificate for that specific website is reaching expiry or not.

For notification the command-line has 2 options CON/EVT.

Config file should be called "CertExpiryCheck.config" and be present in the same folder as this EXE file.
[ Put the site name in separate lines like below (site name could be hostname or FQDN or host-header) ]

sukdesktop
www.adatum.com
www.contoso.com
www.fabrikam.com
www.woodgrovebank.com
 

Heart of this application is the certificate checking code (given below)

static void CheckCertificateExpiry(string CertificateSubject)
{
    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    X509Certificate2Collection storecollection;
    X509Certificate2 x509;
    TimeSpan timespan;

    store.Open(OpenFlags.ReadOnly);
    storecollection = (X509Certificate2Collection)store.Certificates;
    storecollection = storecollection.Find(X509FindType.FindBySubjectName, CertificateSubject, true);

    if (storecollection.Count == 0) 
    {
        Notify("Certificate for `" + CertificateSubject + "' not found", EventLogEntryType.Information);
    }
    else
    {
        x509 = storecollection[0];
        timespan = Convert.ToDateTime(x509.GetExpirationDateString()) - DateTime.Now;
        Notify("[" + CertificateSubject + "] certificate will expire in [" + timespan.Days + " days] issued by " 
                                                                + x509.GetNameInfo( X509NameType.SimpleName,true), 
            (timespan.Days > 30)?EventLogEntryType.Warning:EventLogEntryType.Error);
    }
}

Notification function is as simple as possible (you can extend it however you want)

Few Ideas for notification

  • Add entry in Event Logs shows up in System event log with source as "CertExpiryCheck" => Done
  • Send email alert
  • Send SMS alert
  • Shout at the administrators using Speech API Tongue out
static void Notify(string strComment,EventLogEntryType eventType)
{ 
    //implement different notification options here
    switch (cmdArg)
    { 
        case "CON": Console.WriteLine(strComment);
                    break;
        case "EVT": EventLog evtlog = new EventLog("System", ".");
                    evtlog.Source = "CertExpiryCheck";
                    evtlog.WriteEntry(strComment, eventType);
                    break;
    }
}

Hope this sample helps atleast some admins so that you are aware of certificate expiry before your users Wink

Download the code and binary here
CertExpiryCheck.zip (24.50 kb)