Forum Discussion

Purnadi_K's avatar
Purnadi_K
Former Employee
8 years ago

Simple Check for SSL Cert Expiration Monitoring

Monitoring SSL Certificate expiry days can be done in LogicMonitor by making use of datasource SSLCerts- (SSL Certificate Expiration). On the side note, SSL Certificate is used for certifying a web...
ssl
Dominique's avatar
Dominique
Icon for Advisor rankAdvisor
5 years ago
On 8/22/2019 at 9:11 AM, Cole McDonald said:

I've lightened the load slightly on the winCertCheck (which is technically no longer the same DS as I've replaced the entirety of the scripts with simplified .NET based powershell scripts to avoid using invoke-command which tends to lead to some resource constraint issues.  This should help though, will keep the same instances alive from the old code as the output is identical to the previous version by @Jonathan Arnold: 


##--------------- Discovery ------------------##
$readOnly     = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
$localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
$store        = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine )

$store.Open( $readOnly )

$store.Certificates `
| Select-Object {$_.Thumbprint + "##" + $_.Thumbprint + "##" + $_.Subject + $_.FriendlyName} `
| Format-Table -HideTableHeaders
##--------------------------------------------##

##-------------- Counters --------------------##
$readOnly     = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
$localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
$store        = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine )

$store.Open( $readOnly )

$store.Certificates `
| Where-Object {($_.Thumbprint -like "##WILDVALUE##")} `
| Select-Object @{
	Name       = "DaysUntilExpire"
	Expression = {((Get-Date -Date $_.NotAfter) - (Get-Date)).Days}
} `
| Format-List
##--------------------------------------------##

(please note the line continuations to help readability of the code)

As always, neither I nor Beyond Impact warranty this code.  It's working in our environment, I can't guarantee it'll work in yours.  This doesn't account for anything that needs credentials other than what the collector uses.

Hello,

Where is the "winCertCheck"? I do not see it in our environment. Is it a standard DS ? Should it be imported from somewhere?

I would like to get the certificate "CommonName" displayed in the description of the Alert for SSL Expiration.

Thanks,

Dom