Monitor SSL Certificates With Jenkins

This is a simple PowerShell function that performs an HTTP GET against a specified URL, validates a few things about the X.509 certificate, and returns an object indicating whether the cert is valid and whether it will expire soon. Here's the code:


    <#
    .Synopsis
       Tests that a certificate is valid and will fail when expiring soon.
    .DESCRIPTION
       Tests that a certificate is valid and will fail when expiring soon.
       No URL validation or redirect handling is done, you're expected
       to be an adult and handle the errors.

       Returns an object with several properties: Valid, ExpireSoon, and
       DaysValid. Valid is true if the certificate chain is verified and it
       has not been revoked, ExpireSoon indicates whether or not the
       certificate expires before the specified threshold period, DaysValid
       is the number of days the certificate is still valid for (may be a
       negative number if the cert has expired).
    #>
    function Check-SslCert
    {
        Param(
            [Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=0)]
            [string]$URL,
            [Parameter(Position=1)]
            [int]$ThresholdDays)

        Process
        {
            ## Default to a 15 day threshold when none is supplied
            $_threshold = $ThresholdDays
            if (-not $ThresholdDays) { $_threshold = 15 }

            $now = Get-Date

            ## Do webrequest to get info on secure site
            $request = [System.Net.WebRequest]::Create($URL);
            [System.Net.HttpWebResponse]$response = $request.GetResponse();
            $response.Close();

            ## Retrieve the ssl cert and assign it to an X509Certificate object
            [System.Security.Cryptography.X509Certificates.X509Certificate]$cert = $request.ServicePoint.Certificate;

            ## Convert the X509Certificate to an X509Certificate2 object by passing it into the constructor
            $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert;
            $daysValid = ($cert2.NotAfter - $now).TotalDays

            return New-Object PSObject -Property @{
                "ExpireSoon"=[bool]($daysValid -lt $_threshold);
                "DaysValid"=[Math]::Floor($daysValid);
                "Valid"=[bool]($cert2.Verify());
            }
        }
    }

This function can be included in a PowerShell script that contains a list of HTTPS URLs that you want to validate on a schedule (I'm using Jenkins) and that notifies you when an endpoint is unavailable or its certificate has issues. Since it's expected to be used inside another script, there is no explicit error handling; I leave that to you. Good luck.
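
One way to write the wrapper script described above, as an added example that is not the author's own script: it supplies the error handling the function leaves out and exits non-zero so the Jenkins build fails when any endpoint errors, fails validation, or expires soon. The file name `Check-SslCert.ps1`, the example.com URLs and the 30-day threshold are assumptions.

```powershell
# Added example: Jenkins wrapper around the page's Check-SslCert function.
# Assumptions: the function is saved beside this script as Check-SslCert.ps1
# (hypothetical file name); the URLs and threshold below are placeholders.
. (Join-Path $PSScriptRoot 'Check-SslCert.ps1')

$urls = @(
    'https://www.example.com',
    'https://api.example.com'
)
$thresholdDays = 30

$results = foreach ($url in $urls) {
    try {
        $check = Check-SslCert -URL $url -ThresholdDays $thresholdDays

        # Later assignments win, so the most severe condition is reported.
        $status = 'OK'
        if ($check.ExpireSoon) { $status = 'EXPIRING' }
        if (-not $check.Valid) { $status = 'INVALID' }

        [pscustomobject]@{
            Url = $url; Status = $status
            DaysValid = $check.DaysValid; Detail = ''
        }
    }
    catch {
        # GetResponse() throws on DNS or connection failures, HTTP error
        # statuses, and certificates rejected by the default TLS validation,
        # so an exception is recorded as a failed endpoint, not swallowed.
        [pscustomobject]@{
            Url = $url; Status = 'ERROR'
            DaysValid = $null; Detail = $_.Exception.Message
        }
    }
}

# Print the full report to the build console before deciding the result.
$results | Format-Table -AutoSize -Wrap | Out-String -Width 200

$failed = @($results | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) {
    Write-Output ("{0} of {1} endpoints need attention" -f $failed.Count, $urls.Count)
    exit 1   # non-zero exit code marks the Jenkins build as failed
}
exit 0
```

Run it from a job with a periodic build trigger and attach whatever notification step you already use for failed builds.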