Forum Discussion

Joe_Williams's avatar
Joe_Williams
Icon for Professor rankProfessor
5 years ago

PropertySource - Certificate Information

We had to find out who issued the SSL cert on port 443 for a bunch of network devices and servers. So I wrote this TCPMLH.
It pulles the IssuerCN, SubjectCN, ValidFrom and ValidTo info for the certificate. It could easily be modified to look at other ports as well if wanted.

It depends on a PropertySource that was listed here awhile ago 'DataSources_List', which I don't have the key for, but can share the XML if needed.

 

  • Anonymous's avatar
    Anonymous

    This just means that your script didn't write anything to the stdout pipe. With PowerShell, you use Write-Host "propertyname=propertyvalue" for every property you want to create on the device.  https://www.logicmonitor.com/support/logicmodules/propertysources/creating-propertysources

    You may also look at using the debug window to run your script. That way you can see the raw output.  The command you'd want to run is !posh. However, you'll want this chrome extension. Without it, you have to upload your script to the collector and specify the path. With it, you can just paste in your script and select the device to run against. It will make the token substitutions and run it on the collector against that device.

  • Hello,

    I tried to test the powershell script and got this

    What exactly does this means?

    I was having an expired certificate I was expecting to catch!!!

    Thanks,
    Dom

  • On 2/22/2020 at 12:42 AM, Joe Williams said:

    It depends on a PropertySource that was listed here awhile ago 'DataSources_List', which I don't have the key for, but can share the XML if needed.

     

    Hi Joe,
    Can you please share the XML. Much Appreciated

    Thanks

  • Anonymous's avatar
    Anonymous

    Haha, i should have waited. This one has now been flipped to public so you should be able to use it.

  • Anonymous's avatar
    Anonymous

    This one is "stuck" with us for the moment. There are new Exchange features coming out (really cool stuff; think app store). While that's being done, all non-core LogicModules (meaning LogicModules not written by LM) have been marked as private. Once the new Exchange features go live, the module author should be able to go to the "My Integrations" tab and flip the toggle from private to public. (Working on a shortcut for this one right now.)

  • Guessing it hasn't been approved yet. Below is the PowerShell script and the AppliesTo is 'auto.activedatasources =~ "HTTPS"'

     

    $URL = "https://"
    $URL = $URL + "##hostname##"
    
    
    try {
        [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
        $webRequest = [System.Net.HttpWebRequest]::Create($URL)
    
        $webRequest.KeepAlive = $false
        $webRequest.Timeout = 5000
        $webRequest.ServicePoint.ConnectionLeaseTimeout = 5000
        $webRequest.ServicePoint.MaxIdleTime = 5000
    
        #$null = $webRequest.GetResponse()
        $null = $webRequest.GetResponse().Dispose()
            
    }
    catch [System.Net.WebException] {
        if ($_.Exception.Status -eq [System.Net.WebExceptionStatus]::TrustFailure) {
            # We ignore trust failures, since we only want the certificate, and the service point is still populated at this point
        }
        else
        {
           # Write-Warning $_.Exception.Message
        }
    }
    catch {
       # Write-Warning $_.Exception.Message
    }
    
    if (($webRequest.ServicePoint.Certificate) -and ($webRequest.ServicePoint.Certificate.Handle -ne 0)) {
        if ($ReturnCertificate) {
           # Write-Output $webRequest.ServicePoint.Certificate
        }
        else {
    
            $IssuerCN = $webRequest.ServicePoint.Certificate.Issuer.Split(', ',[System.StringSplitOptions]::RemoveEmptyEntries)[0].Split('=')[1]
            $SubjectCN = $webRequest.ServicePoint.Certificate.Subject.Split(', ',[System.StringSplitOptions]::RemoveEmptyEntries)[0].Split('=')[1]
            $ValidFrom = $webRequest.ServicePoint.Certificate.GetEffectiveDateString()
            $ValidTo = $webRequest.ServicePoint.Certificate.GetExpirationDateString()
    
            Write-Host "certificate.IssuerCN=$IssuerCN"
            Write-Host "certificate.SubjectCN=$SubjectCN"
            Write-Host "certificate.ValidFrom=$ValidFrom"
            Write-Host "certificate.ValidTo=$ValidTo"
        }
    
        $webRequest.ServicePoint.Certificate.Dispose()
    }   
    
    [Net.ServicePointManager]::ServerCertificateValidationCallback = $null

     

  •  

    I'm getting the following error;

    LogicModule is Private, Cannot Read