DirectoryCertChecker is a free .NET console application that searches Active Directory for X.509 certificates; it writes a report in CSV format detailing information about each certificate found. The report includes the following columns: Entry DN, Certificate DN, Serial Number, Expiry Date, Expiry Status, and Days Till Expiry. At the end of the run, DirectoryCertChecker can optionally email the CSV report to one or more recipients.
Below is a link to a zip file containing the Directory Cert Checker executables. The C# source code is also available.
The main configuration settings for DirectoryCertChecker are held in the file DirectoryCertChecker.exe.config, which is in the same folder as DirectoryCertChecker.exe. This is an xml file that allows a number of settings to be configured as listed below: