
Certificate Authority Monitoring

Hello

I am using SolarWinds Application Monitor and I am trying to monitor the certificates issued by my two certificate authorities. Is it possible to see the certificates issued by the particular server along with the expiration date? Any assistance is appreciated.

  • Hi there, 

    This is a good opportunity for a PowerShell component in SAM, if you are licensed for it. I just had a quick go and managed to get something like this to be returned from our CA:

    Here is the code I used. You'll have to add your CA into the top line and run it with remote execution for it to work, but it should give you up to 10 of the next expirations:

    # CA to query, in the form HOSTNAME\CA_NAME
    $CAlocation = "HOSTNAME\CA_NAME"
    $now = Get-Date
    # Only report certificates that expire within the next 365 days
    $expirationdate = $now.AddDays(365)

    # Open a view onto the CA database through the certificate services COM object
    $CaView = New-Object -Com CertificateAuthority.View.1
    [void]$CaView.OpenConnection($CAlocation)

    # Select the five columns to return for each row
    $CaView.SetResultColumnCount(5)
    $index0 = $CaView.GetColumnIndex($false, "Issued Common Name")
    $index1 = $CaView.GetColumnIndex($false, "Certificate Expiration Date")
    $index2 = $CaView.GetColumnIndex($false, "Issued Email Address")
    $index3 = $CaView.GetColumnIndex($false, "Certificate Template")
    $index4 = $CaView.GetColumnIndex($false, "Request Disposition")
    $index0, $index1, $index2, $index3, $index4 | %{ $CaView.SetResultColumn($_) }

    # Expiration date later than now (16 = CVR_SEEK_GT) and earlier than the cut-off (2 = CVR_SEEK_LT)
    $CaView.SetRestriction($index1, 16, 0, $now)
    $CaView.SetRestriction($index1, 2, 0, $expirationdate)

    # Request disposition equal to 20, i.e. issued certificates only (1 = CVR_SEEK_EQ)
    $CaView.SetRestriction($index4, 1, 0, 20)

    $RowObj = $CaView.OpenView()
    $i = 0
    # Walk the result rows, stopping after 10 certificates
    while ($RowObj.Next() -ne -1 -and $i -le 9) {
      $Cert = New-Object PsObject
      $ColObj = $RowObj.EnumCertViewColumn()
      [void]$ColObj.Next()
      # Copy every selected column of this row onto $Cert as a property
      do {
        $Cert | Add-Member -MemberType NoteProperty $($ColObj.GetDisplayName()) -Value $($ColObj.GetValue(1)) -Force
      } until ($ColObj.Next() -eq -1)
      Clear-Variable ColObj
      $datediff = New-TimeSpan -Start ($now) -End ($Cert."Certificate Expiration Date")
      $expirydays = ($datediff.Days).ToString()
      $commonname = $Cert."Issued Common Name"
      # SAM reads the Message.N / Statistic.N pairs written to the script output
      Write-Host "Message.$i`: $commonname - days until expiration:"
      Write-Host "Statistic.$i`: $expirydays"
      $i++
    }

    # Release the COM objects
    $RowObj.Reset()
    $CaView = $null
    [GC]::Collect()

    exit (0)

    Let me know if you have any questions. 

    Marlie Fancourt | SolarWinds Pre-Sales Manager | Prosperon Networks

  • Hi Marlie, many thanks for providing this script. I'm unfortunately having trouble getting it to work with SAM.

    Running the script directly from PowerShell on my local machine, the script correctly interrogates the remote CA and brings back a result of certificates.

    When running through the SAM component builder however, I am getting a "Not Defined" error.

    I have specified the correct Server and Credential when running "Get Script Output".

    Are you able to suggest any troubleshooting steps? 

    Thank you
