Cert Expiry Check

This simple command-line application reads the website names listed in a text config file and checks whether the certificate for each site is approaching expiry.

For notification, the command line accepts one of two options: CON (write to the console) or EVT (write to the event log).

The config file must be named "CertExpiryCheck.config" and be present in the same folder as the EXE file.
[ Put each site name on a separate line, like below (a site name can be a hostname, FQDN or host header) ]


The heart of this application is the certificate-checking code (given below):

// Needs: using System; using System.Diagnostics; using System.Security.Cryptography.X509Certificates;
static void CheckCertificateExpiry(string CertificateSubject)
{
    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    X509Certificate2Collection storecollection;
    X509Certificate2 x509;
    TimeSpan timespan;

    // The store has to be opened before its certificates can be read.
    store.Open(OpenFlags.ReadOnly);
    storecollection = (X509Certificate2Collection)store.Certificates;
    // validOnly = true: only certificates that pass validation are returned.
    storecollection = storecollection.Find(X509FindType.FindBySubjectName, CertificateSubject, true);
    store.Close();

    if (storecollection.Count == 0)
    {
        Notify("Certificate for '" + CertificateSubject + "' not found", EventLogEntryType.Information);
    }
    else
    {
        x509 = storecollection[0];
        // NotAfter is the expiry date as a local DateTime, so no string parsing is needed.
        timespan = x509.NotAfter - DateTime.Now;
        Notify("[" + CertificateSubject + "] certificate will expire in [" + timespan.Days + " days] issued by "
                + x509.GetNameInfo(X509NameType.SimpleName, true),
            (timespan.Days > 30) ? EventLogEntryType.Warning : EventLogEntryType.Error);
    }
}
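
The check above passes `true` for validOnly and reads only storecollection[0], so an already expired certificate is reported as "not found", and when several certificates match the subject only one of them is reported. The following added example (not the author's code) searches with validOnly set to false and classifies every match. The certificates, the .test host names and the helper names Classify, Report and MakeSample are constructed for illustration, and CertificateRequest needs .NET Framework 4.7.2 or .NET Core 2.0 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ExpiryReport
{
    // Hypothetical helper: classify one certificate against a warning window.
    static string Classify(X509Certificate2 cert, DateTime nowUtc, int warnDays)
    {
        double days = (cert.NotAfter.ToUniversalTime() - nowUtc).TotalDays;
        if (days < 0) return "EXPIRED";
        return days <= warnDays ? "EXPIRING" : "OK";
    }

    // Report every certificate whose subject matches, not only the first one.
    static void Report(X509Certificate2Collection certs, string subject, DateTime nowUtc)
    {
        // validOnly = false keeps expired or untrusted certificates in the result.
        var matches = certs.Find(X509FindType.FindBySubjectName, subject, false);
        if (matches.Count == 0)
            Console.WriteLine("[" + subject + "] no certificate found");
        foreach (X509Certificate2 c in matches)
            Console.WriteLine("[" + subject + "] " + Classify(c, nowUtc, 30)
                + ", expires " + c.NotAfter.ToString("yyyy-MM-dd"));
    }

    // Constructed sample: a self-signed certificate valid between two day offsets from now.
    static X509Certificate2 MakeSample(string cn, int fromDays, int toDays)
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using (RSA key = RSA.Create(2048))
            return new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256,
                RSASignaturePadding.Pkcs1).CreateSelfSigned(now.AddDays(fromDays), now.AddDays(toDays));
    }

    static void Main()
    {
        // Constructed data standing in for store.Certificates of the LocalMachine "My" store.
        var sample = new X509Certificate2Collection
        {
            MakeSample("www.example.test", -400, -35),     // old certificate, already expired
            MakeSample("www.example.test", -30, 10),       // renewal that expires in 10 days
            MakeSample("intranet.example.test", -30, 335)  // healthy certificate
        };
        foreach (string site in new[] { "www.example.test", "intranet.example.test", "missing.example.test" })
            Report(sample, site, DateTime.UtcNow);
    }
}
```

To run it against real data, pass store.Certificates from an opened X509Store to Report in place of the constructed collection.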

The notification function is as simple as possible (you can extend it however you want).

A few ideas for notification:

  • Add an entry to the event logs; it shows up in the System event log with source "CertExpiryCheck" => Done
  • Send email alert
  • Send SMS alert
  • Shout at the administrators using Speech API

static void Notify(string strComment, EventLogEntryType eventType)
{
    // Implement different notification options here (cmdArg is the CON/EVT option).
    switch (cmdArg)
    {
        case "CON": Console.WriteLine(strComment);
                    break;
        case "EVT": EventLog evtlog = new EventLog("System", ".");
                    evtlog.Source = "CertExpiryCheck";
                    evtlog.WriteEntry(strComment, eventType);
                    break;
    }
}

Hope this sample helps at least some admins so that you are aware of certificate expiry before your users.

Download the code and binary here
CertExpiryCheck.zip (24.50 kb)



Sukesh Ashok Kumar
Works @ Microsoft



All opinions posted here are those of the author and are in no way intended to represent the opinions of his employer. All posts are provided "AS IS" with no warranties, and confers no rights. © Copyright 2010
