
SSL Certificate Expiration Date Monitor

I'm looking for a way to pass more information into the alert that is triggered when I use this component. Specifically, I'm looking for the same information seen when you expose the details produced after using the test component function when setting up the monitoring template.

Certificate was expired 460 day(s) ago. Expiration date: 5/23/2018

SslExpirationDateProbe Execute Result: ================================

Target: 000.00.00.000

Statistic Value (certificate valid days left): 0

Statistic Warning Threshold: 90

Statistic Critical Threshold: 30

Response Time Value: 00:00:00.1700260

Response Time Warning Threshold: 10000

Response Time Critical Threshold: 1.79769313486232E+308

Outcome based on thresholds: NotAvailable

Certificate details: ==============================================

Subject: CN=my.site.com, OU=Domain Control Validated

etc.......

  • NOTE: The below assumes the use of the SSL Certificate Expiration Date Monitor component monitor, and not the in-built SSL certificate monitoring within AppInsight for IIS.

    When defining the alert, make sure you are triggering on the component (not the application). This will allow you to insert variables for the individual component metrics. I couldn't find any certificate details (subject, etc) - I think that only appears when testing the component.

    The "I want to alert on" setting should be Component.

         pastedImage_3.png

    In the Trigger Actions, for your specific action (email/log to file/whatever) in the Message section click the Insert Variables button and navigate to the Component categories. From here you can find any related metric to include in the alert.

    The screenshots below show the Statistic Data metric and the threshold metrics.

         pastedImage_0.png

         pastedImage_1.png

    You can customise the message text to your own liking. The example below was to demonstrate the output.

         pastedImage_5.png

         pastedImage_6.png

    You can also copy/paste the metrics below if you don't want to find them using insert variables.

    | Metric | Variable | Example Output |
    |---|---|---|
    | Node Name | ${N=SwisEntity;M=Application.Node.Caption} | SERVER-ABC |
    | IP Address | ${N=SwisEntity;M=Application.Node.IP_Address} | 10.12.34.56 |
    | Component Message | ${N=SwisEntity;M=ComponentAlert.ComponentMessage} | Certificate will expire in 1394 day(s). Expiration date: 9/07/2023 |
    | Statistic Value | ${N=SwisEntity;M=ComponentAlert.StatisticData} | 1394 |
    | Statistic Warning Threshold | ${N=SwisEntity;M=ComponentAlertThresholds.ThresholdStatisticWarning} | 90 |
    | Statistic Critical Threshold | ${N=SwisEntity;M=ComponentAlertThresholds.ThresholdStatisticCritical} | 30 |
    | Response Time Value | ${N=SwisEntity;M=ComponentAlert.ResponseTime} | 24 |
    | Response Time Warning Threshold | ${N=SwisEntity;M=ComponentAlertThresholds.ThresholdResponseTimeWarning} | (blank if no value set) |
    | Response Time Critical Threshold | ${N=SwisEntity;M=ComponentAlertThresholds.ThresholdResponseTimeCritical} | |

  • Thank you for your detailed response. It seems there are other needed values that are missing to help identify the actual cert on the host. For example:
    Subject: CN=my.site.com, OU=Domain Control Validated
    It strikes me odd that I can get this data when I use the target host as a component test target but not get the data within the alert.

  • You could always build a custom alert variable to display that data. You can find the table that contains the data that you want and then build a variable to extract that information out of that table.

  • True enough, the trick being, if exist find table.

  • I hate to say it, but after looking at this some more, it does not look like during the actual polling they store the certificate details in any table like they display during the test.

  • Hi, we wrote some PowerShell for this. It's not perfect, but it does let you get the certificate name presented more easily.

    The design is to check via a web request FIRST, then to inspect the node's cert store if it can't find anything, and use the earliest cert only. That works in our environment but you may want a different setup. We've got a few servers with an edited template for this reason.

    $Statistic = $null
    $CN = $null
    $Date = Get-Date
    # Build the HTTPS URL for the target held in ${IP}
    $URL = "https://${IP}"
    $WebRequest = [Net.WebRequest]::Create($URL)
    $WebRequest.UseDefaultCredentials = $true
    $WebRequest.PreAuthenticate = $true
    $AllArray = @()

    Try
    {
        # First attempt: a normal web request, then read the certificate the server presented
        $WebResponse = $WebRequest.GetResponse()
        $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle
        $CN = $Cert.Subject
        $Expiry = $Cert.NotAfter
        $Remaining = $Expiry - $Date
        $Statistic = $Remaining.Days
    }
    Catch
    {
        # Write-Host "Web request failed" -ForegroundColor Red
        # Write-Host "Attempting to get cert info regardless..." -ForegroundColor Yellow
        $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle
        $CN = $Cert.Subject
        $Expiry = $Cert.NotAfter
        $Remaining = $Expiry - $Date
        $Statistic = $Remaining.Days
        # Discard an implausibly old result so the cert store fallback runs instead
        If($Statistic -lt -2000)
        {
            Clear-Variable Statistic
        }
    }

    # Report the web request result in the Statistic/Message format the script monitor reads
    If($null -ne $Statistic)
    {
        $FormattedExpiry = $Expiry.ToString("dd/MM/yyyy")
        $Message = "Certificate $CN will expire on $FormattedExpiry, $Statistic days left"
        Write-Host "Statistic: $Statistic"
        Write-Host "Message: $Message"
        Exit 0;
    }

    Function Get-Direct
    {
        If($null -eq $Statistic)
        {
            # Write-Host "Trying direct cert store script" -ForegroundColor Yellow
            # Fallback: open the node's LocalMachine\MY store remotely, read-only
            $Server = $URL.Replace('https://','')
            $objStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$Server\MY","LocalMachine")
            $objStore.Open("ReadOnly")
            # Use only the certificate that expires earliest (also correct when the store holds a single cert)
            $Cert = $objStore.Certificates | Sort-Object NotAfter | Select-Object -First 1
            $objStore.Close()
            $CN = $Cert.Subject
            $Expiry = $Cert.NotAfter
            $Remaining = $Expiry - $Date
            $Statistic = $Remaining.Days
            If($Statistic -lt -2000)
            {
                Clear-Variable Statistic
            }
            If($null -eq $Statistic)
            {
                Write-Host "Statistic.ExitCode: 1"
                Exit 1;
            }
            Else
            {
                $FormattedExpiry = $Expiry.ToString("dd/MM/yyyy")
                $Message = "Certificate $CN will expire on $FormattedExpiry, $Statistic days left"
                Write-Host "Statistic: $Statistic"
                Write-Host "Message: $Message"
                Exit 0;
            }
        }
    }

    # Nothing usable from the web request: fall back to the certificate store
    If($null -eq $Statistic)
    {
        Get-Direct
    }

  • @Steven Carlson, I hope you didn't mind that I unmarked your answer correct as it did not address the actual question. While it is helpful to know that the component provides more detailed information, it does not provide the information I am looking for. Again, thank you for your detailed response. I am sure it will be helpful to others.

  • Thank you Adam, I'll look at using this in lieu of the OOB component, but it's not preferred, especially as our company starts to move toward signed PowerShell scripts.

  • If there's someone you've got over there who can write/review/sign em properly the useful bit is basically:

        $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle
        $CN = $cert.Subject
        $expiry = $cert.NotAfter

    and sticking some combination of that in $Message - once it is you can call ${Message} in charts and alerts and whatnot on the SolarWinds end
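
Added example (not part of the thread and not SolarWinds code): one way to put the certificate-identifying details the original poster asked for into the `Message:` line, reading the certificate straight from a TLS handshake instead of a web request. `$TargetHost` and `$Port` are assumed parameter names, and `my.site.com` is the placeholder subject from the first post.

```powershell
# Added example. $TargetHost and $Port are assumed names; my.site.com is the
# placeholder host taken from the sample output in the first post.
param(
    [string]$TargetHost = 'my.site.com',
    [int]$Port = 443
)

$script:PolicyErrors = 'NotChecked'
$exitCode = 1
$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($TargetHost, $Port)
    # Record the validation result but always continue: nothing is sent over
    # this stream, and an expired certificate still has to be reported.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $certificate, $chain, $errors)
        $script:PolicyErrors = $errors
        $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # The host name passed here is also sent as SNI, so a server hosting several
    # sites returns the certificate for this name rather than its default one.
    $ssl.AuthenticateAsClient($TargetHost)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $daysLeft = ($cert.NotAfter - (Get-Date)).Days
    # Subject Alternative Name extension (OID 2.5.29.17), if present
    $san = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
        ForEach-Object { $_.Format($false) }) -join '; '

    $details = @(
        "Subject: $($cert.Subject)", "Issuer: $($cert.Issuer)", "SAN: $san",
        "Thumbprint: $($cert.Thumbprint)", "Serial: $($cert.SerialNumber)",
        "Expires: $($cert.NotAfter.ToString('yyyy-MM-dd'))", "Validation: $($script:PolicyErrors)"
    )
    # Same Statistic/Message output lines the script in the thread uses
    Write-Host "Statistic: $daysLeft"
    Write-Host "Message: $($details -join ' | ')"
    $exitCode = 0
}
catch {
    Write-Host "Message: TLS handshake with ${TargetHost}:$Port failed: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
exit $exitCode
```

The thumbprint and serial number identify the exact certificate on the host, and the `Validation` field shows whether the chain or name check failed independently of the expiry date.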

  • All good! I mentioned that particular monitor doesn't seem to collect the information about the certificate itself and I read the initial post as you were also looking for the information I talked about. If that's not what you're after then my response isn't correct.

    It looks like AppInsight for IIS might give you the information you're after but that's a lot of polling just for the SSL Certificate. I'm not on a system at the moment with it running but the demo site shows some examples. If you need more details than that, you'll probably be better off with the custom PowerShell method.

    https://oriondemo.solarwinds.com/Orion/APM/IisBlackBox/IisSiteDetails.aspx?NetObject=ABIS:309