Report new Pending Certificate Requests by email
# --- Settings ----------------------------------------------------------------
# State file holding the IDs of requests that have already been reported, one
# per line. It is the only thing that prevents a request from being mailed twice.
# NOTE(review): anyone able to write to this file can suppress a notification by
# pre-seeding a request ID - confirm its ACL is limited to the account that runs
# this script.
$processedrequestspath = 'c:\nordlo\pki\processedrequests.txt'

# Mail relay and addresses used for the notification.
# NOTE(review): the two addresses appear redacted on the page; set real values
# before use.
$smtpserver  = 'smtp.domain.local'
$fromaddress = '[email protected]'
$recipient   = '[email protected]'

# Article reference inserted into the mail body (looks like a placeholder).
$KBArticle = 'KBXXXXXXXX'

# Left disabled by the author. When enabled, the first line sets the .NET
# ServicePointManager protocol to TLS 1.2; the second installs the PSPKI module
# that ReportPendingRequests imports.
#[System.Net.ServicePointManager]::SecurityProtocol = 'TLS12'
#install-module pspki
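function ReportPendingRequests {
    <#
    .SYNOPSIS
    Lists the certificate requests awaiting approval on a CA, one object per request.

    .DESCRIPTION
    Uses the PSPKI module to look up the certification authority on the given
    host and enumerate its pending requests. For every pending request the raw
    request is fetched, Base64-decoded and parsed so that the Subject and the
    alternative names can be reported.

    Subject and SAN are decoded from the raw request, i.e. they are the values
    the requester put into the CSR. RequestedBy, Template, CommonName and
    SubmittedWhen are read from the row returned by Get-PendingRequest. An
    approver should compare the requested names with what RequestedBy is
    entitled to before issuing.

    .PARAMETER computername
    Host name of the CA server. Defaults to the name that DNS returns for the
    local computer.

    .OUTPUTS
    One pscustomobject per pending request with the properties RequestID,
    SubmittedWhen, RequestedBy, Template, Subject, CommonName and SAN.
    #>
    param(
        $computername = [System.Net.Dns]::GetHostByName($env:computerName).hostname
    )

    Import-Module PSPKI

    $ca = Get-CertificationAuthority -ComputerName $computername
    $reqs = Get-PendingRequest -CertificationAuthority $ca

    foreach ($request in $reqs) {
        # Reset the per-request values. Without this, a lookup or decode failure
        # would leave the previous iteration's values in place and this request
        # would be reported with another request's Subject and SAN.
        $raw = $null
        $subject = $null
        $SAN = $null

        try {
            # The raw request is not part of the default row, so it is fetched
            # per request with -Property "RawRequest".
            $raw = Get-PendingRequest -CertificationAuthority $ca -Property "RawRequest" -RequestID $request.RowId
            $reqbytesfromraw = [convert]::FromBase64String($raw."Request.RawRequest")

            # The unary comma wraps the byte array so it is passed as a single
            # constructor argument instead of being unrolled.
            $reqfromraw = New-Object System.Security.Cryptography.X509CertificateRequests.X509CertificateRequest (, $reqbytesfromraw)
            $subject = $reqfromraw.Subject

            # Flatten all alternative names into one "Type: Value, Type: Value" string.
            $SAN = ($reqfromraw.Extensions.AlternativeNames |
                    Select-Object Type, Value |
                    ForEach-Object { "$($_.Type): $($_.Value)" }) -split [Environment]::NewLine -join ', '
        }
        catch {
            # Report the request anyway, but make it visible in the output that
            # the requested names are unknown rather than empty.
            Write-Warning "Request #$($request.RequestID): raw request could not be decoded: $($_.Exception.Message)"
            $subject = '(raw request could not be decoded)'
            $SAN = '(raw request could not be decoded)'
        }

        [pscustomobject]@{
            RequestID     = $request.RequestID
            SubmittedWhen = $request.'Request.SubmittedWhen'
            RequestedBy   = $request.'Request.RequesterName'
            Template      = $request.CertificateTemplateOid.FriendlyName
            Subject       = $subject
            CommonName    = $request.'Request.CommonName'
            SAN           = $SAN
        }
    }
}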
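# Collect the requests that are currently pending on the local CA.
$pendingrequests = ReportPendingRequests

# Create the state file on first run so Get-Content below has something to read.
if (! (Test-Path $processedrequestspath)) {
    new-item $processedrequestspath -ItemType File -Force
}

foreach ($pendingrequest in $pendingrequests) {
    # Re-read the state file on every pass because it is appended to below.
    $processedrequests = get-content $processedrequestspath

    if ($processedrequests -contains $pendingrequest.RequestID) {
        Write-Verbose "Already Processed [#$($pendingrequest.RequestID)], skipping..."
        continue
    }

    # The here-string lines stay at column 0: leading whitespace would become
    # part of the mail body, and the closing "@ must start its line.
    $body = @"
A certificate signing request is waiting for approval on the CA-server {0}
{1}
This certificate needs manual approval by an administrator
See {2} for more info
"@ -f $env:COMPUTERNAME, "$($pendingrequest | format-list | out-string)", $KBArticle

    # Echo the body so it shows up in the script's output.
    $body

    # NOTE(review): the message is sent without -UseSsl, so the request details
    # (requester, subject, SAN) travel to the relay in clear text. Confirm
    # whether the relay supports STARTTLS and add -UseSsl if it does.
    try {
        # -ErrorAction Stop turns a delivery failure into a catchable error.
        Send-MailMessage -SmtpServer $smtpserver -Body $body -From $fromaddress -To $recipient -Subject "New Pending Certificate Request #$($pendingrequest.RequestID) - $($pendingrequest.CommonName)" -ErrorAction Stop
    }
    catch {
        # Do not record the request as processed: it has not been reported yet
        # and must be picked up again on the next run.
        Write-Warning "Notification for request #$($pendingrequest.RequestID) was not sent: $($_.Exception.Message)"
        continue
    }

    # Only a request whose mail was handed to the relay is marked as processed.
    Add-Content -Path $processedrequestspath -Value $pendingrequest.RequestID -Verbose
}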