Pulling all certificates from internal CA
I am just asking the general question to see if anyone has accomplished this beforeI recreate the wheel for our environment. Let me start out with my scripting knowledge is very basic. So what i am trying to accomplish is to pull all certificates signed by our internal CA, that would be pull every day in case new ones are added. The certificates that are about to expire with 30 days, 2 weeks, 1 week would send out alerts to the corresponding escalation chain (once i find out who owns the certificate). Eventually we would have service now create a ticket for the expiring certificate and route to the correct team. The biggest issue is i have no idea what all certificates we have or where they live. I know you can use certutil to grab this data from our internal CA but just wanted to see if any one has already accomplished this or maybe someone figured out an easier way. I havent found anything in the community pointing towards what I'm trying to do, Sorry in advance if i completely missed it or did notunderstand because of my lack of knowledge.Solved342Views12likes1CommentPalo Alto Improvements
Here are some datasources we added to get better information on Palo Alto firewalls: Certificate Status:KFWLJ9 High Availability Detail:EMXWRR(this one includes a bunch of HA info, including HA link status, compat status and so forth. Many auto properties for reference on the local and peer units. All datapoints currently use the default alert templates, but I am hoping to extend that and leverage the auto properties for those messages) Support Status:3YJJCZ License Status:DXEAP4 All use the XML API, so will require security review (no idea how long that takes).168Views9likes18Comments