Forum Discussion

venkat's avatar
venkat
Icon for Neophyte rankNeophyte
4 months ago

non SSL Port Monioring

Hi We have a requirement to monitor ssl certificate on non ssl ports like for example 7083 is here any Datasource we have to do this or any easy way to do it.

  • Anonymous's avatar
    Anonymous
    4 months ago

    Clone the DS and change the ssl.listening_ports property for a custom one.

    Same code that LM uses for regular cert monitoring with a different port: https://github.com/sweenig/lm/tree/main/SSL%20Monitoring%20on%20Custom%20Port

  • Is it an HTTPS server just on a custom port? You should be able to clone the "HTTPS" DataSource and change the port it uses. May want to tweak the AppliesTo and other items as needed.

    • venkat's avatar
      venkat
      Icon for Neophyte rankNeophyte

      I tried it and updaed the port it applies to as 7083 so it doesnot show any output.

    • venkat's avatar
      venkat
      Icon for Neophyte rankNeophyte

      It worked but it just monitors weather we are able to connec on port 7803 or not but the requirement is to get validity of the certificate and in how many days it expires

      • Manish_Arora's avatar
        Manish_Arora
        Icon for Neophyte rankNeophyte

        you can try using the below script which we have deployed.

        this runs everyday and decrement the number of day each day and we have created an alert that we should be notified when it reaches 30 (month) so that we can initiate the work to reinstate the server certificate

        import com.santaba.agent.groovyapi.expect.Expect;
        import com.santaba.agent.groovyapi.snmp.Snmp;
        import com.santaba.agent.groovyapi.http.*;
        import com.santaba.agent.groovyapi.jmx.*;
        import org.xbill.DNS.*;
        import javax.net.ssl.*
        import java.security.cert.*
        import java.security.*
        import java.text.SimpleDateFormat
        import java.util.concurrent.TimeUnit

        // Function to get the number of days left until the certificate expires
        def getDaysUntilExpiry(host, port) {
            try {
                // Create SSL context
                SSLContext sslContext = SSLContext.getInstance("TLS")
                sslContext.init(null, null, new java.security.SecureRandom())
                SSLSocketFactory factory = sslContext.getSocketFactory()
                
                // Create socket to connect to the server
                Socket socket = factory.createSocket(host, port)
                SSLSocket sslSocket = (SSLSocket) socket
                
                // Start handshake to get the certificate
                sslSocket.startHandshake()
                SSLSession session = sslSocket.getSession()
                Certificate[] certificates = session.getPeerCertificates()
                X509Certificate cert = (X509Certificate) certificates[0]
                
                // Get expiry date
                Date expiryDate = cert.getNotAfter()
                Date currentDate = new Date()
                
                // Calculate days left
                long diffInMillies = expiryDate.getTime() - currentDate.getTime()
                long diffInDays = TimeUnit.DAYS.convert(diffInMillies, TimeUnit.MILLISECONDS)
                
                println("${diffInDays}")
                
                // Close resources
                sslSocket.close()
            } catch (Exception e) {
                e.printStackTrace()
            }
        }

        // Main execution
        def host = "website.com"  // Replace with your server hostname or IP
        def port = 443               // Port number

        getDaysUntilExpiry(host, port)

  • you can try using the groovy script 

    Collection method - script

     

    process = [ 'bash', '-c', 'timeout 60  bash -c "</dev/tcp/<IP address>/7083"; echo $?'].execute()
    println process.text;

    this will check every 1 minute whether port 7083 is opening or not.

     

      • Anonymous's avatar
        Anonymous

        Clone the DS and change the ssl.listening_ports property for a custom one.

        Same code that LM uses for regular cert monitoring with a different port: https://github.com/sweenig/lm/tree/main/SSL%20Monitoring%20on%20Custom%20Port