I'm currently monitoring for the expiration of certs in our environment using a combination of the AppInsight for IIS and the basic SSL Cert check on port 443 Template/Component. In some cases I've had to employ a script to look in the certificate library of a host. As the AppInsight for IIS is applied automatically after discovery, that's not an issue. Its the other targets I'm not told about until a cert expires. These are CAs like GoDaddy, sites are externally hosted, or Cisco devices that have certs that I am completely unaware of. Putting all the external stuff aside for the moment, many of our certs are generated from our own CA PKI server. Is there anyway to poll it directly to get information on all the certs it has issued?
