Click here to get back home

User notification before certificate expires
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
User notification before certificate expires MC 05-30-2006
Posted by MC on May 30, 2006, 4:19 pm
Please log in for more thread options
 Does someone know a solution to monitor user certificates (windows ca) ?
The system should send a notification to a user (e.g. via mail) that his/her
certificate will expire in x days.

any other idea how to handle expiring smart card logon certificates when
it's not possible to implement automatic certificate renewals ?

thanks
MC



Posted by Martin Rublik on May 31, 2006, 3:43 am
Please log in for more thread options
 Don't know if this is the best possible solution but you might want to
take a closer look on certutil utility
(http://technet2.microsoft.com/WindowsServer/en/Library/165ee684-1c3a-4cc1-9c5b-0bc1ec1e710a1033.mspx?mfr=true).

Here's a little sample

certutil -view -restrict "Certificate Expiration Date < 12. 6. 2006
13:44" -out "Issued Common Name, Issued Email Address"

Then you can parse the output with some script and send mail to that
address.

Restriction list is similar to the Filter fields in MMC Certification
Authority console (You can find them in View | Filter | Add ...).

Regards

Martin

MC wrote:
> Does someone know a solution to monitor user certificates (windows ca) ?
> The system should send a notification to a user (e.g. via mail) that his/her
> certificate will expire in x days.
>
> any other idea how to handle expiring smart card logon certificates when
> it's not possible to implement automatic certificate renewals ?
>
> thanks
> MC
>
>

Posted by MC on May 31, 2006, 7:29 am
Please log in for more thread options
thanks, martin
I think this will help.

//MC


> Don't know if this is the best possible solution but you might want to
> take a closer look on certutil utility
> (http://technet2.microsoft.com/WindowsServer/en/Library/165ee684-1c3a-4cc1-9c5b-0bc1ec1e710a1033.mspx?mfr=true).
>
> Here's a little sample
>
> certutil -view -restrict "Certificate Expiration Date < 12. 6. 2006
> 13:44" -out "Issued Common Name, Issued Email Address"
>
> Then you can parse the output with some script and send mail to that
> address.
>
> Restriction list is similar to the Filter fields in MMC Certification
> Authority console (You can find them in View | Filter | Add ...).
>
> Regards
>
> Martin
>
> MC wrote:
>> Does someone know a solution to monitor user certificates (windows ca) ?
>> The system should send a notification to a user (e.g. via mail) that
>> his/her certificate will expire in x days.
>>
>> any other idea how to handle expiring smart card logon certificates when
>> it's not possible to implement automatic certificate renewals ?
>>
>> thanks
>> MC
>>


Similar ThreadsPosted
How to force User log off when time expires? July 20, 2007, 5:48 am
"No Certificate Templates Could Be Found" Error Message When User Requests Certificate from CA Web Enrollment Pages September 21, 2006, 1:31 pm
Restrict AD-User to one X509 Certificate per Certificate template? July 12, 2007, 12:18 pm
HELP Needed: Win2k3 - How to restrict Internet access after log on expires. June 23, 2006, 10:24 am
Built-in Administrator acct. for Domain be password never expires? October 2, 2006, 3:01 pm
Multiple user certificate thumbprint April 19, 2006, 10:04 pm
Certificate recovery on user profile October 25, 2006, 9:34 am
IAS + user smartcard + workstation certificate July 6, 2007, 9:48 am
What's happen if I revoke a user certificate ? April 2, 2008, 6:49 am
PKI User certificate auto-enrollment for XP clients not logging onto domain computer May 18, 2007, 11:02 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap