# PCS Toolkit - Certificate Manager # List and check installed certificates $timestamp = Get-Date -Format "yyyy-MM-dd_HH-mm-ss" $logFile = "$env:USERPROFILE\Desktop\Certificates_$timestamp.txt" $csvFile = "$env:USERPROFILE\Desktop\Certificates_$timestamp.csv" function Log($msg) { Write-Host $msg Add-Content $logFile $msg } function LogWarn($msg) { Write-Host $msg -ForegroundColor Yellow Add-Content $logFile "[!] $msg" } function LogBad($msg) { Write-Host $msg -ForegroundColor Red Add-Content $logFile "[!!] $msg" } Log "========================================" Log " PCS Toolkit - Certificate Manager" Log "========================================" Log "Generated: $(Get-Date)" Log "Computer: $env:COMPUTERNAME" Log "" $today = Get-Date $warnDays = 30 # Warn if expiring within 30 days # Collect certificates from common stores $stores = @( @{Path="Cert:\LocalMachine\My"; Name="Local Machine - Personal"}, @{Path="Cert:\LocalMachine\Root"; Name="Local Machine - Trusted Root CAs"}, @{Path="Cert:\LocalMachine\CA"; Name="Local Machine - Intermediate CAs"}, @{Path="Cert:\CurrentUser\My"; Name="Current User - Personal"}, @{Path="Cert:\LocalMachine\WebHosting"; Name="Local Machine - Web Hosting"} ) $allCerts = @() $expiringSoon = @() $expired = @() foreach ($store in $stores) { Log "=== $($store.Name) ===" $certs = Get-ChildItem $store.Path -EA SilentlyContinue | Where-Object { $_.NotAfter } if (-not $certs) { Log " (No certificates)" Log "" continue } foreach ($cert in $certs) { $daysLeft = ($cert.NotAfter - $today).Days $status = "OK" if ($cert.NotAfter -lt $today) { $status = "EXPIRED" $expired += $cert LogBad " [EXPIRED] $($cert.Subject)" } elseif ($daysLeft -le $warnDays) { $status = "EXPIRING" $expiringSoon += $cert LogWarn " [EXPIRING in $daysLeft days] $($cert.Subject)" } else { Log " [OK] $($cert.Subject)" } $allCerts += [PSCustomObject]@{ Store = $store.Name Subject = $cert.Subject Issuer = $cert.Issuer Thumbprint = $cert.Thumbprint NotBefore = $cert.NotBefore NotAfter = $cert.NotAfter DaysRemaining = $daysLeft Status = $status FriendlyName = $cert.FriendlyName HasPrivateKey = $cert.HasPrivateKey } } Log " Total: $($certs.Count) certificates" Log "" } # Summary Log "========================================" Log "SUMMARY" Log "========================================" Log "" Log "Total Certificates: $($allCerts.Count)" Log " Expired: $($expired.Count)" Log " Expiring Soon (within $warnDays days): $($expiringSoon.Count)" Log "" if ($expired.Count -gt 0) { LogBad "=== EXPIRED CERTIFICATES ===" foreach ($cert in $expired) { Log " Subject: $($cert.Subject)" Log " Expired: $($cert.NotAfter)" Log " Thumbprint: $($cert.Thumbprint)" Log "" } } if ($expiringSoon.Count -gt 0) { LogWarn "=== CERTIFICATES EXPIRING SOON ===" foreach ($cert in $expiringSoon) { $days = ($cert.NotAfter - $today).Days Log " Subject: $($cert.Subject)" Log " Expires: $($cert.NotAfter) ($days days)" Log " Thumbprint: $($cert.Thumbprint)" Log "" } } # Export to CSV $allCerts | Export-Csv $csvFile -NoTypeInformation Log "Exported to CSV: $csvFile" Log "" Log "=== CERTIFICATE STORE LOCATIONS ===" Log "To manage certificates manually, run: certlm.msc (Local Machine) or certmgr.msc (Current User)" Log "" Log "========================================" Log "SCAN COMPLETE" Log "========================================" explorer.exe "/select,$csvFile" Read-Host "Press Enter to exit"