Receiving alerts for expired/expiring certificates

• Under 'Tools > Embedded Scripts' click 'New' and then label this, 'expiring_certs.ps1' and in the 'Script Content' box add:

sl cert:
$MaxDays = 30
Get-ChildItem -Recurse | where { $_.notafter -le (get-date).AddDays($MaxDays) -AND $_.notafter -gt (get-date).adddays(-$MaxDays)} | select NotAfter,subject, Issuer | Format-List

Note: The above script will notify you if a certificate has expired in the last 30 days or will be expiring in the next 30 days. To change the amount of days to check to 60, for example, update the line $MaxDays = 30 to $MaxDays = 60

• In the 'Interpreter' field, select 'powershell.exe -inputformat none -file' from the drop-down and then click 'OK'
• Under 'System Health Packages', create a new package (assign it accordingly or make it global) and add an "Application Scheduler" object to it.
• Decide on a schedule for the script and select @expiring_certs.ps1 for the script name.
• Under 'Event Logs', create a new package (assign it accordingly or make it global) and then add an inlcude filter that will look for the event 10200 information event logged by EventSentry with the content filter *expiring_certs.ps1*NotAfter*. If no certificates have expired or are set to expire, the NotAfter will not be apart of the event.

When running PowerShell scripts, also ensure that the proper execution policy is set.