Open for Voting

Add Certificate Issuer to SSL Certificate Expiration Application Monitor

In reference to the issue posted here the component  SSL Certificate Expiration Monitor retrieves the information including the certificate issuer, however the issuer is not stored to the database so it cannot be retrieved.

In the referenced post aLTeReGo​​ suggests that the information be copied and pasted into the component notes.  This is a manual process that would have to be performed for each server monitored unless all certificates are issued from the same CA.

Since this information is critical to resolving the issue of certificate expiration, I would say the component should be modified to capture this information to the database automatically rather than make it a manual process.

govitallen
  • in reply to ralfs

    Is there any update to the status of the update of the Monitor for retrieving the issuer?

  • Dear govitallen,

    until the monitor is change you can use a Powershelll monitor with the following content, Parameter: ${IP},[PORT]:

    $PORT=$args[1]

    $computername = $args[0]

    $tcpsocket = New-Object Net.Sockets.TcpClient($computername , $PORT)

    #test if the socket got connected

    if(!$tcpsocket)

    {

        Write-host "Message.Issuer: Error Opening Connection: $port on $computername Unreachable"

        Write-Host "Statistic.Issuer: 0"

        exit 1

    }

    else

    {

        #Socket Got connected get the tcp stream ready to read the certificate

        write-host "Successfully Connected to $computername on $port" -ForegroundColor Green -BackgroundColor Black

        $tcpstream = $tcpsocket.GetStream()

        Write-host "Reading SSL Certificate...." -ForegroundColor Yellow -BackgroundColor Black

        #Create an SSL Connection

        $Callback = { param($sender, $cert, $chain, $errors) return $true }

        $sslStream = New-Object System.Net.Security.SslStream($tcpstream,$false,$Callback)

        #Force the SSL Connection to send us the certificate

        $sslStream.AuthenticateAsClient($computerName)

        #Read the certificate

        $certinfo = New-Object system.security.cryptography.x509certificates.x509certificate2($sslStream.RemoteCertificate)

    }

    Write-Host "Message.Issuer: Issuer: ", $certinfo.Issuer

    Write-Host "Statistic.Issuer: 1"

    exit 0

    You can use this script to get all information from a certificate. Look at https://msdn.microsoft.com/de-de/library/system.security.cryptography.x509certificates.x509certificate2(v=vs.110).aspx  for more details.

    Thanks to blogpost Reading a Certificate off a remote SSL Server for Troubleshooting with Powershell! – Parallel Universe – MS Tech Blog  for a lot of help!

    Kind regards,

    RalfS

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.