How do I: Delete old Certificates windows servers using Powershell (Azure Classic Release Pipelines)
How do I: Delete old Certificates windows servers using Power Shell (Azure Classic Release Pipelines)
Tried this code and I get:
2024-05-07T02:43:20.4279860Z ##[error]Atleast one remote job failed. Consult logs
for more details. ErrorCodes(s):
'RemoteDeployer_NonZeroExitCode***RemoteDeployer_NonZeroExitCode***RemoteDeployer_NonZeroEx
itCode***RemoteDeployer_NonZeroExitCode'
param(
$servers = "$(deploy-Hostesses)"
)
#
foreach ($server in $servers) {
Write-Host "Processing server: $server"
Invoke-Command -ComputerName $server -ScriptBlock {
# Retrieve all certificates from the certificate store
$certs = Get-ChildItem -Path Cert:\LocalMachine\My
# Define the date threshold (current date minus expiration days)
$thresholdDate = (Get-Date).AddDays(-120)
foreach ($cert in $certs) {
# Check if the certificate is expired
if ($cert.NotAfter -lt $thresholdDate) {
Write-Host "Certificate $($cert.Thumbprint) is expired. Deleting..."
# Delete the expired certificate
Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -Force
Write-Host "Certificate $($cert.Thumbprint) deleted."
}
}
}
}
Ideas on what I am missing? Windows server 2019 Psremoteing enabled
Update.. Using the code below and realizing I was using the inline code but on powershell on target machines:
# Get the current date
$currentDate = Get-Date
# Define the date threshold (120 days ago)
$thresholdDate = $currentDate.AddDays(-30)
# Retrieve all certificates from the certificate store
$certs = Get-ChildItem -Path $CertStore
foreach ($cert in $certs) {
# Check if the certificate is expired (NotAfter date is older than the threshold date)
if ($cert.NotAfter -lt $thresholdDate) {
Write-Output "Certificate $($cert.Thumbprint) is expired. Deleting..."
# Delete the expired certificate
Remove-Item -Path $cert.PSPath -Force
Write-Output "Certificate $($cert.Thumbprint) deleted."
}
}
Solution
Slightly change the script as below, it works on my side.
function ProcessServers {
param(
$servers = "wadeVM1,wadeVM2" # the server list
)
# Split the servers string into an array
$servers = $servers.Split(',')
#
foreach ($server in $servers) {
Write-Host "Processing server: $server"
Invoke-Command -ComputerName $server -ScriptBlock {
# Retrieve all certificates from the certificate store
$certs = Get-ChildItem -Path Cert:\LocalMachine\My
# Define the date threshold (current date minus expiration days)
$thresholdDate = (Get-Date).AddDays(-120)
foreach ($cert in $certs) {
# Check if the certificate is expired
if ($cert.NotAfter -lt $thresholdDate) {
Write-Host "Certificate $($cert.Thumbprint) is expired. Deleting..."
# Delete the expired certificate
Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -Force
Write-Host "Certificate $($cert.Thumbprint) deleted."
}
}
}
}
}
ProcessServers # run the function
I used inline script type for powershell task in classic pipeline:
Please follow below items for a check:
The server in the server list
can be reachedon your agent. Simplyping servernameon the agent machine to validate. If it's not reached, add map in hosts and flush dns(ipconfig /flushdns).on each server, run
winrm quickconfigto configure the service. runwinrm set winrm/config/client '@{TrustedHosts="*"}'to trust the host.
If you encounter the message as below:
Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
run command:
New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -PropertyType DWord -Value 1, and Restart-Service WinRM.
- Check the user used to run the devops agent, you can add
whoamiin pipeline for confirmation, make sure the user has admin permission so that it can delete the cert. If not, reconfigure the agent with an admin user.
Hope it helps.
- DevOps deploying Azure Web Apps to wwwroot/Content/D_C/a/1/s/ in Linux container
- Azure DevOps: access secret variable programmatically
- How to install PowerShell module pushed to Azure Artifacts in Pipelines?
- Get all work items from a project azure devops REST API
- Which scope takes precedence in an release pipeline variable?
- In Azure DevOps, need to view and prioritize Features, Product Backlog Items and Bugs in one list in relation to each other
- CICD of data factory
- Can't multi-target projects in azure pipeline build
- Preview state of azure pipeline yaml after supplying it with runtime parameters
- How do I identify the triggering pipeline in the download step when downloading pipeline artifacts in Azure DevOps on-prem?
- JIRA Azure DevOps iteration not showing work item in Azure DevOps
- Azure DevOps build Artifact Error because of Failed to fetch ARM parameters: Error: Input required: AzureResourceManagerConnection
- Issue with Azure DevOps API: Newly Created Area Paths Not Recognized Immediately
- How to add tag to a build from classic release after successful deployment to stage
- I don't see the menu entries for releases
- Azure DevOps Rest API : Object "ID" scope
- Getting "BadRequest" when trying to deploy web app networking settings using Bicep trmplate
- Accessing Azure DevOps Board custom field using OData query
- AzureStaticWebApp@0 push from artifacts
- Azure DevOps - deploy Window Service task
- CICD for Azure Databricks
- Trigger Azure DevOps pipeline only for "main" AND changes in a certain path
- Azure Pipelines - Replace a variable in a yaml file
- Azure dev ops cicd yaml variable for appSettings, multi line causing an error
- .Net Azure Function app publish does not generate a bin folder
- Git cleanup/garbage collection on remote Azure DevOps git repository
- Run build only on approval
- Azure DevOps is not gathering all changes when using schduled cron trigger
- yaml pipeline: How to use a build artifact generated in a previous build
- How to resolve eslint errors due to use of the html() method in jquery libraries when running security scans with Github advanced security?