The short answer is, you can’t. We have hunted for this unicorn of IT apps and commands for years and thought that at the very least there should be a ready way to see WHEN a certificate was last used, but there is none.
It’s probably fastest and cheapest to run a scream test. The change review board may not like the suggestion, but sometimes things like the scream test are the only reasonable things left. Just establish a solid back-out plan.
You can hunt and prod and monitor and still miss edge cases from things that happen only twice a year or other weird constraints.
ServerFault.com/questions/886489/how-to-determine-if-a-certificate-is-being-used
What To Do About Expired / Unused SSL Certificates?
In real life, most admins will leave expired or unused certificates in place; in other words, they do nothing. The problem with this is clutter and confusion. If you have a question about what is using an SSL certificate, most likely others will too. We think it is best to deal with it, but because there is no way to “disable” a certificate before you delete it, the process is risky.
We back up any questionable certificate by exporting it before we delete it.
- Click START and type MMC.
- Click FILE > ADD > select CERTIFICATES > COMPUTER
- Expand PERSONAL > CERTIFICATES
- Right click on the SSL certificate in question
- Select ALL TASKS > EXPORT…
- Complete the wizard
- Right click on the certificate in question and select DELETE
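The same export-then-delete procedure as a PowerShell script, added here as an example and not part of the original post. It refuses to delete until the backup has been read back and matched to the certificate, which is what makes the back-out plan real. The thumbprint and the backup folder `C:\CertBackup` are placeholders you supply.

```powershell
# Added example: back up a certificate from LocalMachine\My, verify the backup, then delete it.
# Save as a .ps1 and run from an elevated PowerShell session.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,   # thumbprint of the certificate in question
    [string] $BackupDir = 'C:\CertBackup'          # hypothetical folder; keep its ACL tight
)
$ErrorActionPreference = 'Stop'

$storePath = "Cert:\LocalMachine\My\$Thumbprint"
$cert = Get-Item -Path $storePath

# Record what is about to be removed, for the change ticket and back-out notes.
$cert | Format-List Subject, Issuer, NotAfter, Thumbprint, HasPrivateKey

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

if ($cert.HasPrivateKey) {
    # A PFX is the only backup that can fully restore an SSL certificate.
    # This export fails if the private key is marked non-exportable; in that
    # case stop here, because a deleted key cannot be recovered.
    $pw  = Read-Host -AsSecureString -Prompt 'Password to protect the PFX backup'
    $out = Join-Path $BackupDir "$Thumbprint.pfx"
    Export-PfxCertificate -Cert $cert -FilePath $out -Password $pw | Out-Null

    # Read the backup back and confirm it holds the same certificate.
    $restored = (Get-PfxData -FilePath $out -Password $pw).EndEntityCertificates
    if ($restored.Thumbprint -notcontains $cert.Thumbprint) {
        throw "Backup $out does not contain certificate $Thumbprint; nothing deleted."
    }
}
else {
    # No private key in the store: only the public certificate can be saved.
    $out = Join-Path $BackupDir "$Thumbprint.cer"
    Export-Certificate -Cert $cert -FilePath $out -Type CERT | Out-Null
    if (-not (Test-Path $out)) { throw "Backup $out was not written; nothing deleted." }
}
Write-Host "Backup verified: $out"

# Delete only after the backup checks out; -Confirm prompts before removal.
Remove-Item -Path $storePath -Confirm

# Back-out if something screams (PFX case):
#   Import-PfxCertificate -FilePath $out -CertStoreLocation Cert:\LocalMachine\My -Password $pw
```

After a restore, any service binding that referenced the certificate may need to be re-pointed at it, so note the bindings you know about before deleting.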