I’ve found that many of my clients with services that rely on Microsoft Certificate Authorities deployed within the internal network have frequently asked me whether there was a way to monitor the expiry of these issued certificates and the answer to that is yes, with the Certificate Expiration Alerting tool found here:
Certificate Expiration Alerting
The next common question that usually pops up shortly after testing the tool is whether there was a way to filter out issued certificates that have blank common names as shown in the following screenshot:
CertExpAlerter.exe -c "cert01\Company-CA" -d 312
Note that the command above queried for certificates that expire in 312 days and 3 certificates were returned where 2 had blank common names. The way to filter the common name as described in the TechNet article is with the use of RegEx and the only reason why I am familiar to it is because I used to work with Lync Enterprise voice quite a bit which forced me to learn it for creating translation rules. The RegEx expression we’re interested in is the following:
What the above RegEx command matches is any string that contains at least one non-space character which results with the exclusion of blank common names:
Hope this helps anyone who is unfamiliar with RegEx and is looking for the expression to filter out blank common names.