Dominique
5 years ago

How to get the Certificate Common Name (FQDN) in the alerts description

Hello,

I am using the two scripts from Cole McDonald:

On 8/22/2019 at 9:11 AM, Cole McDonald said:

I've lightened the load slightly on the winCertCheck (which is technically no longer the same DS as I've replaced the entirety of the scripts with simplified .NET based powershell scripts to avoid using invoke-command which tends to lead to some resource constraint issues.  This should help though, will keep the same instances alive from the old code as the output is identical to the previous version by @Jonathan Arnold:

##--------------- Discovery ------------------##
$readOnly     = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
$localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
$store        = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine )

$store.Open( $readOnly )

$store.Certificates `
| Select-Object {$_.Thumbprint + "##" + $_.Thumbprint + "##" + $_.Subject + $_.CommonName} `
| Format-Table -HideTableHeaders
##--------------------------------------------##
##-------------- Counters --------------------##
$readOnly     = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
$localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
$store        = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine )

$store.Open( $readOnly )

$store.Certificates `
| Where-Object {($_.Thumbprint -like "##WILDVALUE##")} `
| Select-Object @{
	Name       = "DaysUntilExpire"
	Expression = {((Get-Date -Date $_.NotAfter) - (Get-Date)).Days}
} `
| Format-List
##--------------------------------------------##

(please note the line continuations to help readability of the code)

As always, neither I nor Beyond Impact warranty this code.  It's working in our environment, I can't guarantee it'll work in yours.  This doesn't account for anything that needs credentials other than what the collector uses.

==========================================================================================================================

But when testing them on a current alert

I could not get the correct common name displayed... and I do not see the certificate listed in the alert in the list of certificates produced by the script...

I might have missed something!!!

Thanks,

Dom


  • Thanks for your patience Stuart... 

    I found the location

    ##$store        = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine )##
    $store        = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\my", $localMachine )

    Now I have the good certificate listed... I need to add, as you said, the expiration date to combine both...

    Thanks,

    Dom

  • Currently, we have some clients that want to monitor several certificates on a box (example -> IIS server). Not only the server cert itself like 'SSLCerts-' does.
    From this thread it seems this does the trick right? If yes, is it possible for you to share this DS?

    Thank you!

  • Hello,

    Is it possible to add the Friendly Name of the Certificate as well?

    Thanks,
    Dom

  • Anonymous

    Sure, if it's available. Where you do this bit in your discovery script:

    $store.Certificates `
    | Select-Object {$_.Thumbprint + "##" + $_.Thumbprint + "##" + $_.Subject + $_.CommonName} `
    | Format-Table -HideTableHeaders


    You'd just need to output the friendly name in the "Select-Object" part. If the friendly name isn't available, you'll have to find out where the friendly name might be and script a way to fetch that.

    The syntax of the output is:

    ID##DisplayName##Description

    So, if you want the friendly name as the display name, you'd change it to:

    $store.Certificates `
    | Select-Object {$_.Thumbprint + "##" + $_.FriendlyName + "##" + $_.Subject + $_.CommonName} `
    | Format-Table -HideTableHeaders

    Assuming $_.FriendlyName contains the friendly name.

  • Hello Stuart,

    ##--------------- Discovery ------------------##
    $pshost = Get-Host              # Get the PowerShell Host.
    $pswindow = $pshost.UI.RawUI    # Get the PowerShell Host's UI.

    $newsize = $pswindow.BufferSize # Get the UI's current Buffer Size.
    $newsize.width = 800            # Set the new buffer's width to 800 columns.
    $pswindow.buffersize = $newsize # Set the new Buffer Size as active.

    $newsize = $pswindow.windowsize # Get the UI's current Window Size.
    $newsize.width = 800            # Set the new Window Width to 800 columns.
    $pswindow.windowsize = $newsize # Set the new Window Size as active.

    $readOnly     = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
    $localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
    $store        = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\my", $localMachine )

    $store.Open( $readOnly )

    $store.Certificates `
    | Select-Object { `
      $_.Thumbprint + "##" `
    + $_.Subject + $(If ($_.Subject -ne "") {"(..." + $_.Thumbprint.SubString($_.Thumbprint.length - 5, 5) + ")"} Else {"Unknown subject (" + $_.Thumbprint + ")"}) `
    + "######" `
    + "cert.issuer=" + $_.Issuer `
    + "&cert.friendlyname=" + $_.FriendlyName `
    + "&cert.serialnumber=" + $_.SerialNumber `
    + "&cert.thumbprint=" + $_.Thumbprint `
    } `
    | Format-Table -HideTableHeaders

    Testing it now...

    Thanks,

    Dom
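
The following is an added example, not code from this thread or from LogicMonitor, that combines the pieces discussed above: Cole's Discovery and Counters scripts, Stuart's ID##DisplayName##Description instance format, and the ####key=value auto-property tail from Dom's script. It reads the Common Name (FQDN) with X509Certificate2.GetNameInfo, which exists on every certificate object, instead of the non-existent $_.CommonName property. It assumes the collector substitutes the ##SYSTEM.SYSNAME## and ##WILDVALUE## tokens before the script runs, and that the "DaysUntilExpire=N" line is what the datapoint is parsed from; pass -StoreLocation CurrentUser -ComputerName $env:COMPUTERNAME to try it on a workstation without elevation.

```powershell
# Added example (not from the thread): one script file that acts as the Discovery script
# (default) or the Counters script (-Mode Counters) for a Windows certificate store.
# Assumes the collector substitutes ##SYSTEM.SYSNAME## and ##WILDVALUE## before running it.
using namespace System.Security.Cryptography.X509Certificates

param(
    [ValidateSet("Discovery", "Counters")] [string]$Mode = "Discovery",
    [string]$ComputerName = "##SYSTEM.SYSNAME##",   # collector token; $env:COMPUTERNAME for a local test
    [string]$StoreName    = "My",                   # "My", not "Root": the server's own certs live here
    [ValidateSet("LocalMachine", "CurrentUser")] [string]$StoreLocation = "LocalMachine",
    [string]$WildValue    = "##WILDVALUE##"         # the thumbprint chosen as instance ID at discovery
)

function Open-CertStore {
    param([string]$Name, [string]$Location, [string]$Computer)
    # "\\host\My" is the remote-store form the thread uses; it is only valid for LocalMachine.
    $path  = if ($Location -eq "LocalMachine") { "\\$Computer\$Name" } else { $Name }
    $store = [X509Store]::new($path, [StoreLocation]$Location)
    $store.Open([OpenFlags]::ReadOnly)
    return $store
}

function Get-CertCommonName {
    param([X509Certificate2]$Cert)
    # DnsName returns the first Subject Alternative Name DNS entry (the FQDN on a server
    # certificate) and falls back to the Subject CN; SimpleName returns the CN itself.
    # Neither is a property, so "$_.CommonName" in the original script adds nothing to the output.
    $name = $Cert.GetNameInfo([X509NameType]::DnsName, $false)
    if (-not $name) { $name = $Cert.GetNameInfo([X509NameType]::SimpleName, $false) }
    if (-not $name) { $name = "Unknown subject" }
    return $name
}

function Get-DiscoveryLine {
    param([X509Certificate2]$Cert)
    $cn   = Get-CertCommonName -Cert $Cert
    $tail = $Cert.Thumbprint.Substring($Cert.Thumbprint.Length - 5)
    # Display name: FriendlyName when one was set, otherwise the CN/FQDN. The thumbprint tail keeps
    # a renewed certificate with the same CN distinguishable from the one it replaces.
    $label = if ($Cert.FriendlyName) { $Cert.FriendlyName } else { $cn }
    # Instance line: ID##DisplayName##Description####key=value&key=value. The key=value pairs
    # surface as auto.* properties on the device (the thread shows auto.cert.friendlyname).
    $props = @(
        "cert.commonname=$cn"
        "cert.issuer=$($Cert.Issuer)"
        "cert.friendlyname=$($Cert.FriendlyName)"
        "cert.notafter=$($Cert.NotAfter.ToString('yyyy-MM-dd'))"
        "cert.thumbprint=$($Cert.Thumbprint)"
    ) -join "&"
    return "$($Cert.Thumbprint)##$label (...$tail)##$($Cert.Subject)####$props"
}

function Get-DaysUntilExpire {
    param([X509Certificate2]$Cert)
    # Whole days left; negative once the certificate has expired. Both sides in UTC so the
    # collector's time zone cannot shift the result by a day.
    return [int][math]::Floor(($Cert.NotAfter.ToUniversalTime() - [DateTime]::UtcNow).TotalDays)
}

$store = Open-CertStore -Name $StoreName -Location $StoreLocation -Computer $ComputerName
try {
    if ($Mode -eq "Discovery") {
        # Emit plain strings rather than piping through Format-Table: Format-Table trims rows to
        # the host width, which is what the buffer-resize lines in the script above work around.
        $store.Certificates | ForEach-Object { Get-DiscoveryLine -Cert $_ }
    } else {
        # -eq rather than -like: a thumbprint is an exact hex string, not a wildcard pattern.
        $store.Certificates |
            Where-Object { $_.Thumbprint -eq $WildValue } |
            ForEach-Object { "DaysUntilExpire=$(Get-DaysUntilExpire -Cert $_)" }
    }
} finally {
    $store.Close()
}
```

Opening the store read-only and closing it in a finally block keeps the collector from holding a handle on the store between polls, and keying the instance on the full thumbprint means a renewed certificate shows up as a new instance rather than silently replacing the expiring one.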

  • 1 hour ago, Dominique said:

    Hello Stuart,

    Testing it now...

    Thanks,

    Dom

    I see the Friendly Name in the info on the device:

    auto.cert.friendlyname

    SCCM SCUP Signing Certificate