Open for Voting
over 1 year ago

Add Certificate Issuer to SSL Certificate Expiration Application Monitor

In reference to the issue posted here the component  SSL Certificate Expiration Monitor retrieves the information including the certificate issuer, however the issuer is not stored to the database so it cannot be retrieved.

In the referenced post aLTeReGo​​ suggests that the information be copied and pasted into the component notes.  This is a manual process that would have to be performed for each server monitored unless all certificates are issued from the same CA.

Since this information is critical to resolving the issue of certificate expiration, I would say the component should be modified to capture this information to the database automatically rather than make it a manual process.

Parents
  • Dear govitallen,

    until the monitor is change you can use a Powershelll monitor with the following content, Parameter: ${IP},[PORT]:

    $PORT=$args[1]

    $computername = $args[0]

    $tcpsocket = New-Object Net.Sockets.TcpClient($computername , $PORT)

    #test if the socket got connected

    if(!$tcpsocket)

    {

        Write-host "Message.Issuer: Error Opening Connection: $port on $computername Unreachable"

        Write-Host "Statistic.Issuer: 0"

        exit 1

    }

    else

    {

        #Socket Got connected get the tcp stream ready to read the certificate

        write-host "Successfully Connected to $computername on $port" -ForegroundColor Green -BackgroundColor Black

        $tcpstream = $tcpsocket.GetStream()

        Write-host "Reading SSL Certificate...." -ForegroundColor Yellow -BackgroundColor Black

        #Create an SSL Connection

        $Callback = { param($sender, $cert, $chain, $errors) return $true }

        $sslStream = New-Object System.Net.Security.SslStream($tcpstream,$false,$Callback)

        #Force the SSL Connection to send us the certificate

        $sslStream.AuthenticateAsClient($computerName)

        #Read the certificate

        $certinfo = New-Object system.security.cryptography.x509certificates.x509certificate2($sslStream.RemoteCertificate)

    }

    Write-Host "Message.Issuer: Issuer: ", $certinfo.Issuer

    Write-Host "Statistic.Issuer: 1"

    exit 0

    You can use this script to get all information from a certificate. Look at https://msdn.microsoft.com/de-de/library/system.security.cryptography.x509certificates.x509certificate2(v=vs.110).aspx  for more details.

    Thanks to blogpost Reading a Certificate off a remote SSL Server for Troubleshooting with Powershell! – Parallel Universe – MS Tech Blog  for a lot of help!

    Kind regards,

    RalfS

  • Is there any update to the status of the update of the Monitor for retrieving the issuer?

Comment Children
No Data