可以从IIS:提供程序获取绑定到网站的证书列表:

A list of the certificates bound to websites can be obtained from the IIS: provider:

Get-ChildItem IIS:SSLBindings

尝试一下:

$DaysToExpiration = 7

$expirationDate = (Get-Date).AddDays($DaysToExpiration)

$sites = Get-Website | ? { $_.State -eq "Started" } | % { $_.Name }
$certs = Get-ChildItem IIS:SSLBindings | ? {
           $sites -contains $_.Sites.Value
         } | % { $_.Thumbprint }

Get-ChildItem CERT:LocalMachine/My | ? {
  $certs -contains $_.Thumbprint -and $_.NotAfter -lt $expirationDate
}