Проверка сертификатов на действительность

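# Inventory of the LocalMachine\My certificate store on every enabled computer
# account in Active Directory whose operating system name contains "server".
# For each certificate the expiry date (NotAfter) and Subject are printed, and
# an ALERT line is printed when the Subject matches $stringtosearch.
# NOTE: this only lists expiry dates; it does not build the chain or check
# revocation, so a listed certificate is not thereby proven valid.
Import-Module ActiveDirectory

# The original line carried a stray backtick in the middle of the line (a
# collapsed line continuation) that escaped the following space instead of
# continuing the command; the pipeline is now split at the pipe.
$servers = Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true"' -Properties Name |
    Select-Object -Property Name

# Placeholder: replace with the -like wildcard pattern for the Subject values
# that should raise an alert.
$stringtosearch = "*??ФИЛЬТР???*"

# Loop-invariant store parameters: read-only access to the machine store.
$ro = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
$lm = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"

foreach ($server in $servers) {
    $servername = $server.Name
    write-host ***************************************** $servername
    $store = $null
    try {
        # "\\<server>\My" addresses the personal store of the remote machine.
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$servername\My", $lm)
        $store.Open($ro)
        foreach ($cert in $store.Certificates) {
            write-host $cert.NotAfter $cert.Subject
            if ($cert.Subject -like $stringtosearch) {
                write-host ALERT!!!!!!!!!!!!!!!!!!!!!!!!!!
            }
        }
    }
    catch {
        # An unreachable host or denied access must be visible in the output:
        # otherwise the server looks as if it simply had no certificates.
        Write-Warning "Не удалось прочитать хранилище сертификатов на ${servername}: $($_.Exception.Message)"
    }
    finally {
        # Release the remote store handle even when enumeration failed.
        if ($store) { $store.Close() }
    }
    write-host ""
}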

Проверка, что сертификат отозван

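# Looks up a certificate by thumbprint in the LocalMachine stores, builds its
# chain with online revocation checking for the entire chain, and reports
# whether the certificate is revoked.
Clear-Host
$thumb = "0171be862068e579befe7a136e1f72a3bf7afc3a"
 
Write-Host "Ищу сертификат с отпечатком $thumb в Cert:\LocalMachine\My ..."
 
# Select-Object -First 1: the same certificate can sit in several stores, and
# X509Chain.Build() accepts exactly one certificate, not an array.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb } |
        Select-Object -First 1
 
if (-not $cert) {
    Write-Host -ForegroundColor red  "❌ В LocalMachine\My не найден. Пробую искать рекурсивно по всему LocalMachine ..."
    $cert = Get-ChildItem -Path Cert:\LocalMachine -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $thumb } |
            Select-Object -First 1
}
 
if (-not $cert) {
    Write-Host -ForegroundColor red  "❌ Сертификат с отпечатком $thumb не найден ни в одном хранилище LocalMachine."
    return
}
 
Write-Host " Сертификат найден:"
$cert | Format-List Thumbprint, Subject, FriendlyName, NotAfter
 
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
 
# Online + EntireChain: revocation data is fetched for every certificate in
# the chain, with a 10-second limit on URL retrieval; NoFlag means no
# verification error is ignored.
$chain.ChainPolicy.RevocationMode  = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag  = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.UrlRetrievalTimeout = (New-TimeSpan -Seconds 10)
$chain.ChainPolicy.VerificationFlags   = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::NoFlag
 
$result = $chain.Build($cert)
 
# Build() returns $false for ANY chain problem (expired, untrusted root,
# revocation data unreachable, ...), not only for revocation, so the verdict
# is taken from the status flags rather than from the boolean alone.
$statusType = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
$flags = 0
foreach ($status in $chain.ChainStatus) {
    $flags = $flags -bor [int]$status.Status
}
$revoked = ($flags -band [int]$statusType::Revoked) -ne 0
$unknownMask = [int]$statusType::RevocationStatusUnknown -bor [int]$statusType::OfflineRevocation
$revocationUnknown = ($flags -band $unknownMask) -ne 0
 
if ($result) {
    write-host -ForegroundColor green "Сертификат НЕ отозван."
}
elseif ($revoked) {
    # With EntireChain the Revoked flag may belong to a CA certificate in the
    # chain rather than to the end certificate itself.
    write-host -ForegroundColor red "Сертификат (или сертификат УЦ в его цепочке) отозван."
}
elseif ($revocationUnknown) {
    # Fail closed: an unreachable CRL/OCSP responder is not proof of validity.
    write-host -ForegroundColor yellow "Статус отзыва определить не удалось (CRL/OCSP недоступен). Считать сертификат неотозванным нельзя."
}
else {
    write-host -ForegroundColor red "Цепочка сертификата не прошла проверку по другой причине (см. статус ниже); отзыв не подтверждён."
}
 
# Full list of chain status entries for diagnostics.
$chain.ChainStatus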