0

We are running an NPS-Server on Windows Server 2016 that serves as a Radius-Server for our wifi-network. A few days ago, all clients lost the connection because the validity of the certificate in use for the MS-PEAP-Protocol ended.

Now we would like to add an automatic check that warns us before the certificate ends the next time. It should connect to the server as a normal client and check if the certificate is still valid for another 3 weeks.

Is there a solution for this using PowerShell? Or any other programming language?

I already found a script that can replace the certificate the server uses for MS-PEAP connections (https://www.powershellgallery.com/packages/Posh-ACME.Deploy/1.3.0/Content/Public%5CSet-NPSCertificate.ps1). But I am looking for a script that checks if this was successful.

Andreas

1 Answer

0

This protocol must be using Secure Socket Layer/Transport Level Security (SSL/TLS), and you should be able to check the certificate using standard tools like openssl or the .NET SslStream object.

Here is an example of a PS script:

https://techibee.com/powershell/powershell-remotely-query-certificate-expiry-date-subject-issuer-and-other-details/2981

*Please note that your service is unlikely to be listening on port 443.

4snok
  • As far as I know, this protocol uses unencrypted UDP for first contact. The certificate does come into play later. Probably similar to StartTLS where the encrypted connection is established after an initial handshake. Thus I need to implement or use at least some of the protocol before the server responds with the certificate. I did a TCP-portscan as well of course. Just to be sure. – Andreas Apr 30 '22 at 16:06
  • Yeah, you're right. Then it will be easier to check the cert from the server side. – 4snok May 01 '22 at 00:16
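
A server-side check along the lines the comments settle on, as an added example that is not part of the original answer or comments. It assumes the PEAP certificate sits in the NPS server's `Cert:\LocalMachine\My` store with a private key and the Server Authentication EKU; the parameter names `WarnDays` and `Thumbprint` are made up for this sketch, and without `-Thumbprint` it reports every candidate certificate rather than the one NPS is configured to use.

```powershell
# Added example: warn when a server certificate NPS could present for PEAP is close to expiry.
# Assumption: the certificate is in the local computer's Personal store (Cert:\LocalMachine\My).
param(
    [int]$WarnDays = 21,      # "another 3 weeks", as asked in the question
    [string]$Thumbprint       # optional: restrict the check to one known certificate
)

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU
$now      = Get-Date
$deadline = $now.AddDays($WarnDays)

# Only certificates with a private key and the Server Authentication EKU can serve PEAP.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
}
if ($Thumbprint) {
    $wanted = $Thumbprint -replace '\s', ''   # thumbprints copied from the GUI contain spaces
    $certs  = $certs | Where-Object { $_.Thumbprint -eq $wanted }
}
if (-not $certs) {
    # A missing certificate is also an outage waiting to happen, so fail loudly.
    Write-Error 'No matching server certificate found in Cert:\LocalMachine\My.'
    exit 2
}

$report = foreach ($cert in $certs) {
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        Expiring   = $cert.NotAfter -lt $deadline   # true for already expired certificates too
    }
}
$report | Sort-Object NotAfter | Format-Table -AutoSize

$expiring = @($report | Where-Object { $_.Expiring })
if ($expiring.Count -gt 0) {
    Write-Warning "$($expiring.Count) certificate(s) expire within $WarnDays days."
    exit 1
}
exit 0
```

Run from a daily scheduled task on the NPS server, the non-zero exit code can drive whatever alerting is already in place.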