Certificate Monitor

Certificate Monitor

Monitors all certificates in Root, AuthRoot, CA, and Personal("My") certificate stores. Provides status the 10 soonest to expire certificates per store that expire within next 60 days. If none expire within that window then it presents the earliest to expire certificate for that store and presents how many days to expire. Monitor status is critical when a certificate is found to expire within next 60 days.  Monitoring for the "My" certificate store is included but disabled as this store may contain a ridiculous amount of certificates and most likely none that matter. The "My" certificate store is also the local computer store's "Personal" store. "My" is the technical name the computer uses to reference the "Personal" store.

If you want to monitor the Personal ("My") store, use the following steps

  1. Edit the "Certificate Monitor"
    1. 2016-03-28_11-21-17.png
  2. Select the "Personal ("My") Monitor", then select Enable
    1. 2016-03-28_11-21-41.png

If you need help making changes to the template to alter the expiration window, use the following steps

  1. Edit the "Certificate Monitor"
    1. 2016-03-28_11-21-17.png.
  2. Select the Component and Select "Edit Script" for that component
    1. 2016-03-28_11-29-09.png
  3. Update the value for "$intThreshold", default is 60 which is 60 days. If you want to be notified sooner then update it to 90 or greater. If you want to be notified later or closer to date of expiration use 30 or 15.
    1. 2016-03-28_11-29-42.png

This monitor is only good for Windows Servers but you can monitor some Linux certificates using the SSL Expiration monitor.

UPDATE (2018-12-19) - Revision 9

     Wow, that took a long time to correct...The Personal ("My") Store was incorrectly using the CA store in the code, which would have required a change on your part to correct. I feel bad about that. I updated the monitor to      correctly use the My store for that monitor. Thank you tangles​ for letting me know!

UPDATE (2016-03-28) - Revision 6

     Now you can monitor the Personal ("My") Store! Included detailed instructions on how to enable a component or update the threshold for when you are warned of an expiring certificate.

UPDATE (2016-02-01) - Revision 5

     Bug fix. Comparison logic was inverse. I fixed the issue.

UPDATE (2016-02-01) - Revision 3

     You need to be able to edit the script to change the following values. Its rather straight forward but if anyone has any questions. Please let me know!

  • Update the threshold!
    • Current value is 60 days but you can make it whatever you want and it updates comparison values and verbiage in alerts
  • Exclude certificates using certificate subject names
    • You can exclude as many as you want but try to be specific to reduce chance of a false positive
    • Uses "Contains" comparison model so you don't have to supply the entire subject name
    • Current value is excluding "Verisign" so certificates that contain the name "Verisign" in the subject name are not monitored in this release.
      • If you need to monitor "Verisign" certificates, then comment out this line or delete the name within the quotes.
  • If you modify "If ($_.Subject.ToLower().contains($name.ToLower()))" to "If ($_.Issuer.ToLower().contains($name.ToLower()))" it will exclude based on Issuer rather than Subject.

  • Hello!
    I have a issue with this, I try to create the alert, but always show this message:  "This alert would be immediately triggered on 4 object(s) in alert scope", I already set the threshold here below to 60...

  • great template but when i use it, why the statistic can't get value days left for expiration?

  • Hello,

    This template is great as it provides the Certificate name unlike the  solarwinds out of the box template. Having the days till the cert expires is nice, and I would also like to have the expiration date itself as well. Is there a field that I can use to add the cert expired day to the Message ?

    "Write-Host "Message.$count : Certificate $strSubject Will Expire within next $intThreshold days on (?)."

    Thank you

  • All and alex81​,

    I received a request on if it was possible to exclude a certificate via thumbprint. Yes, this is possible.

    I will not update the template for two reasons

    1. Its very niche
    2. Great way for admins to roll up their sleeves and learn a little more how SolarWinds functions and PowerShell can be leveraged

    Admins can update the script themselves in the template using the following information. I haven't tested this change in SolarWinds but I validated the code works using PowerShell on my own PC to collect root store certificates.

    1. To maintain simplicity, we will mix both Subjects and Thumbprints in the $exludeCerts variable
    2. Add the thumbprint of the certificate that the admin wants to exclude
    3. Add the if statement following the other if statement that excludes certificates based on subject

    If ($_.Thumprint -eq $name){

         $excludeBool = $true



    I hope this helps, you can modify this to exclude other attributes as well!

    !!!! If you want exclude certificates with Thumbprints for each certificate store, you will have to do this for each component in the monitor.

    Reminder on how to edit the script

    1. Edit the "Certificate Monitor"
      1. 2016-03-28_11-21-17.png.
    2. Select the Component and Select "Edit Script" for that component
      1. 2016-03-28_11-29-09.png