
SSL Certificate Expiration Report - All OS

Hello,

I've been asked by my manager to create a custom report that shows SSL expiration dates for both Windows and Linux OS. He's very specific, and he would like to have the report include the Certificate Name, Issuer, Expiration Date, and Days Remaining. I know that's a very unusual request and maybe not really doable. I'm using SAM 6.6.1 and I've tried the out-of-the-box SSL Certificate Expiration Monitor in SAM. I know some of these details are available in AppInsight Monitor, but I can't seem to get the data my boss wants in a comprehensive report. He basically found a screen shot on the SolarWinds site (see below) and wants to recreate that in a report.

Has anyone created a custom report with some of these fields my boss is looking for?

Thanks in advance for any advice or help!

Nelson

Here's the screen shot:

pastedImage_3.png

  • The screen shot you posted is from the AppInsight for IIS template so that view is going to be specific to sites running on IIS.

    For your other platforms you are correct in choosing the out of the box SSL Cert Expiration template.

    However, as you have already seen, that template does not pull back all the data you are looking for.

    The best you can probably do there is shown in the screen shot below.

    pastedImage_0.png

  • If you don't mind having two reports there is an out of the box report for the IIS based stuff.

    So you could use that and a custom report along the lines of what I posted above.

    I realize that kind of comes up short on the request for a single comprehensive report but it is an option.

  • Thanks for the help JVB. I appreciate it. I'll play around with the report and see what I can find.

    Nelson

  • We also wanted to get the certificate issuer, rather than the expiry date, so I wrote a PowerShell script to fit in a Windows PowerShell Monitor:

    ------------------------------------------------------------

    $site = "${IP}"
    $port = 443    # assumes you're using the default HTTPS port

    # Create a TCP socket to the site and port number
    $tcpsocket = New-Object Net.Sockets.TcpClient($site, $port)

    # Test whether the socket connected
    if (!$tcpsocket)
    {
        Write-Host "Statistic.Issuer: 0"
        Write-Host "Message.Issuer: $site port $port not open"
    }
    else
    {
        # Socket connected; get the TCP stream ready to read the certificate
        $tcpstream = $tcpsocket.GetStream()

        # Create an SSL connection. The callback accepts any certificate so that
        # self-signed or expired certificates can still be read.
        $sslStream = New-Object System.Net.Security.SslStream($tcpstream, $false, {param($sender, $certificate, $chain, $sslPolicyErrors) return $true })

        # Force the SSL connection to send us the certificate
        $sslStream.AuthenticateAsClient($site)

        # Read the certificate
        $certinfo = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($sslStream.RemoteCertificate)

        # Report the issuer only when a certificate was actually read
        $website = $certinfo.DnsNameList.Unicode
        if ($website -eq 'localhost.localdomain')
        {
            $website = 'Self Signed'
            Write-Host "Statistic.Issuer: 1"
            Write-Host "Message.Issuer: " $website
        }
        else
        {
            Write-Host "Statistic.Issuer: 1"
            Write-Host "Message.Issuer: " $certinfo.Issuer
        }
    }

    ------------------------------------------------------------

    You could also pull the following properties from $certinfo, using $certinfo.<Name>:

    Archived            Property  bool Archived {get;set;}
    Extensions          Property  System.Security.Cryptography.X509Certificates.X509ExtensionCollection Extensions {get;}
    FriendlyName        Property  string FriendlyName {get;set;}
    Handle              Property  System.IntPtr Handle {get;}
    HasPrivateKey       Property  bool HasPrivateKey {get;}
    Issuer              Property  string Issuer {get;}
    IssuerName          Property  System.Security.Cryptography.X509Certificates.X500DistinguishedName IssuerName {get;}
    NotAfter            Property  datetime NotAfter {get;}
    NotBefore           Property  datetime NotBefore {get;}
    PrivateKey          Property  System.Security.Cryptography.AsymmetricAlgorithm PrivateKey {get;set;}
    PublicKey           Property  System.Security.Cryptography.X509Certificates.PublicKey PublicKey {get;}
    RawData             Property  byte[] RawData {get;}
    SerialNumber        Property  string SerialNumber {get;}
    SignatureAlgorithm  Property  System.Security.Cryptography.Oid SignatureAlgorithm {get;}
    Subject             Property  string Subject {get;}
    SubjectName         Property  System.Security.Cryptography.X509Certificates.X500DistinguishedName SubjectName {get;}
    Thumbprint          Property  string Thumbprint {get;}
    Version             Property  int Version {get;}

    So for the expiry dates, add something like this to the end of the above script:

    $expiry = $certinfo.NotAfter
    $now = (Get-Date).AddDays(90)   # now + 90 days; adjust as required

    if ($expiry -ge $now)
    {
        Write-Host "Message.Expiry:" $expiry
        Write-Host "Statistic.Expiry: 1"
    }
    else
    {
        Write-Host "Message.Expiry: Certificate will expire within 90 days." $expiry
        Write-Host "Statistic.Expiry: 0"
    }


    You can of course add some additional logic in there, so that you get 

    I hope it helps
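
An added example, not part of the original post and not SolarWinds' own code: a variant of the script above that reports all four fields from the original request (name, issuer, expiry date, days remaining) in one output pair, with a bounded connect and stream cleanup. The function names, the `DaysRemaining` output name and the `-ServerName` parameter are assumptions chosen for illustration.

```powershell
# Added example (not the poster's script). Days Remaining is the statistic;
# name, issuer and expiry date go in the message.
# "${IP}" is the SAM macro used in the script above; outside SAM, set $IP first.

function Get-RemoteCertificate {
    param([string]$Address, [int]$Port = 443,
          [string]$ServerName = $Address,   # hypothetical parameter: name sent for SNI
          [int]$TimeoutMs = 5000)
    # Accept any certificate so that expired or self-signed ones can still be
    # read; no application data is sent over this stream.
    [System.Net.Security.RemoteCertificateValidationCallback]$acceptAny =
        { param($s, $c, $ch, $e) $true }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so an unreachable host cannot hang the monitor
        if (-not $client.ConnectAsync($Address, $Port).Wait($TimeoutMs)) {
            throw "connection to ${Address}:$Port timed out"
        }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList ($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($ServerName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Format-CertificateOutput {
    param($Cert, [datetime]$AsOf = (Get-Date))
    # Negative values mean the certificate has already expired
    $days = [int][math]::Floor(($Cert.NotAfter - $AsOf).TotalDays)
    "Statistic.DaysRemaining: $days"
    "Message.DaysRemaining: Name=$($Cert.Subject); Issuer=$($Cert.Issuer); " +
        "Expires=$($Cert.NotAfter.ToString('yyyy-MM-dd'))"
}

try {
    $cert = Get-RemoteCertificate -Address "${IP}"
    Format-CertificateOutput -Cert $cert | ForEach-Object { Write-Host $_ }
} catch {
    # Same failure convention as the post above: statistic 0, reason in the message
    $reason = $_.Exception.GetBaseException().Message
    Write-Host "Statistic.DaysRemaining: 0"
    Write-Host "Message.DaysRemaining: no certificate read from ${IP}: $reason"
}
```

When the monitor connects by IP address, no server name is sent in the TLS handshake, so a host serving several sites returns its default certificate; pass the site's DNS name as `-ServerName` to read that site's certificate.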

  • Awesome. Thanks for the advice. Nelson.

  • I have a query on this script. I'm very new to SolarWinds. Does this script work only for web servers or for all servers? How do I create the report using PowerShell?

  • snangunoori - There would be two steps. First you need to create a custom template; here is a place to start with: Create custom templates in SAM. You can also find other examples for PowerShell monitoring templates. Once you have done this and assigned it to nodes, you can create a custom report to generate current values.

  • Hi - how did you set up that custom table? That's pretty much what I'm looking for, but can't seem to recreate it. Thanks!

  • above script not generating required data