Monitors all certificates in the Root, AuthRoot, CA, and Personal ("My") certificate stores. For each store, it reports the 10 soonest-to-expire certificates that expire within the next 60 days. If none expire within that window, it reports the earliest-to-expire certificate for that store and how many days remain until it expires. Monitor status is critical when a certificate is found to expire within the next 60 days. Monitoring for the "My" certificate store is included but disabled, as this store may contain a ridiculous number of certificates and most likely none that matter. The "My" certificate store is the local computer's "Personal" store; "My" is the technical name the computer uses to reference the "Personal" store.
If you want to monitor the Personal ("My") store, use the following steps:
- Edit the "Certificate Monitor"
- Select the "Personal ("My") Monitor", then select Enable
If you need help making changes to the template to alter the expiration window, use the following steps:
- Edit the "Certificate Monitor"
- Select the component, then select "Edit Script" for that component
- Update the value for "$intThreshold". The default is 60, which is 60 days. If you want to be notified sooner, update it to 90 or greater. If you want to be notified later, closer to the date of expiration, use 30 or 15.
This monitor is only good for Windows Servers, but you can monitor some Linux certificates using the SSL Expiration monitor.
UPDATE (2018-12-19) - Revision 9
Wow, that took a long time to correct... The Personal ("My") Store was incorrectly using the CA store in the code, which would have required a change on your part to correct. I feel bad about that. I updated the monitor to correctly use the My store for that monitor. Thank you tangles for letting me know!
UPDATE (2016-03-28) - Revision 6
Now you can monitor the Personal ("My") Store! Included detailed instructions on how to enable a component or update the threshold for when you are warned of an expiring certificate.
UPDATE (2016-02-01) - Revision 5
Bug fix. Comparison logic was inverse. I fixed the issue.
UPDATE (2016-02-01) - Revision 3
You need to be able to edit the script to change the following values. It's rather straightforward, but if anyone has any questions, please let me know!
- Update the threshold!
  - Current value is 60 days but you can make it whatever you want and it updates comparison values and verbiage in alerts
- Exclude certificates using certificate subject names
  - You can exclude as many as you want but try to be specific to reduce chance of a false positive
  - Uses "Contains" comparison model so you don't have to supply the entire subject name
  - Current value is excluding "Verisign" so certificates that contain the name "Verisign" in the subject name are not monitored in this release.
  - If you need to monitor "Verisign" certificates, then comment out this line or delete the name within the quotes.
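The logic described on this page (per-store scan, the `$intThreshold` window, "contains" exclusion on the subject name, and falling back to the earliest expiry), as an added PowerShell example; it is not the template's own script. `Get-ExpiringCertReport`, `$excludeSubjects`, `$maxPerStore` and `$storeNames` are hypothetical names, and skipping already-expired certificates is an assumption.

```powershell
# Added example, not the template's script.
$intThreshold    = 60                       # days; name and default are from the page
$excludeSubjects = @('Verisign')            # hypothetical name; "contains" match on the subject
$maxPerStore     = 10                       # hypothetical name; the page reports 10 per store
$storeNames      = 'Root', 'AuthRoot', 'CA' # add 'My' to include the Personal store

function Get-ExpiringCertReport {
    param([string]$StoreName, [int]$Threshold, [string[]]$Exclude, [int]$Max)

    $now   = Get-Date
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, 'LocalMachine')
    $store.Open('ReadOnly')
    try {
        # Assumption: already-expired certificates are skipped. Excluded subjects are
        # dropped, and the rest are ordered soonest-to-expire first.
        $certs = @($store.Certificates | Where-Object {
                $cert = $_
                # An empty exclusion string (name deleted from the quotes) matches nothing.
                $hit = $Exclude | Where-Object {
                    $_ -and $cert.Subject.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
                }
                $cert.NotAfter -gt $now -and -not $hit
            } | Sort-Object NotAfter)
    }
    finally { $store.Close() }

    $expiring = @($certs | Where-Object { $_.NotAfter -le $now.AddDays($Threshold) } |
        Select-Object -First $Max)

    if ($expiring.Count -gt 0) {
        # At least one certificate inside the window: critical.
        $critical = $true
        $message  = ($expiring | ForEach-Object {
                "$($_.Subject): $([math]::Floor(($_.NotAfter - $now).TotalDays)) days"
            }) -join '; '
    }
    elseif ($certs.Count -gt 0) {
        # Nothing inside the window: report the earliest expiry instead.
        $first    = $certs[0]
        $critical = $false
        $message  = "None within $Threshold days. Earliest: $($first.Subject), " +
                    "$([math]::Floor(($first.NotAfter - $now).TotalDays)) days"
    }
    else {
        $critical = $false
        $message  = 'No unexpired, non-excluded certificates in this store'
    }
    [pscustomobject]@{ Store = $StoreName; Critical = $critical; Message = $message }
}

foreach ($name in $storeNames) {
    Get-ExpiringCertReport -StoreName $name -Threshold $intThreshold -Exclude $excludeSubjects -Max $maxPerStore
}
```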
The Personal Store script did not work out of the box when I had imported into our environment. I noticed that the line in question
$objStore = new-object System.Security.Cryptography.X509Certificates…
Sure. Let me clarify that I at least was able to create an alert that provided the name of the certificate. Still working on trying to get some sort of widget.
I created an alert on the specific components…
I'm getting this error when running the script, it appears to run but:
Message.0 : No Certificate Will Expire within next 60 days.