Level 7

SSL Certificate Expiration Report - All OS

Hello,

I've been asked by my manager to create a custom report that shows SSL expiration dates for both Windows and Linux OS. He's very specific, and he would like to have the report include the Certificate Name, Issuer, Expiration Date, and Days Remaining. I know that's a very unusual request and maybe not really doable. I'm using SAM 6.6.1 and I've tried the out-of-the-box SSL Certificate Expiration Monitor in SAM. I know some of these details are available in AppInsight Monitor, but I can't seem to get the data my boss wants in a comprehensive report. He basically found a screen shot on the SolarWinds site (see below) and wants to recreate that in a report.

Has anyone created a custom report with some of these fields my boss is looking for?

Thanks in advance for any advice or help!

Nelson

Here's the screen shot:

pastedImage_3.png

0 Kudos
8 Replies
Level 14

We also wanted to get the certificate issuer, rather than the expiry date, so I wrote a PowerShell script to fit in a Windows PowerShell Monitor:

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

$site = "${IP}"
$port = 443    # assumes you're using the default HTTPS port

try
{
    # Create a TCP socket to the site and port; TcpClient throws if the connection fails
    $tcpsocket = New-Object Net.Sockets.TcpClient($site, $port)
}
catch
{
    Write-Host "Statistic.Issuer: 0"
    Write-Host "Message.Issuer: $site port $port not open"
    exit 1    # no connection, so there is no certificate to read
}

# Socket connected; get the TCP stream ready to read the certificate
$tcpstream = $tcpsocket.GetStream()

# Create an SSL connection. The callback accepts any certificate so that expired
# or self-signed certificates can still be read; nothing is validated here.
$sslStream = New-Object System.Net.Security.SslStream($tcpstream, $false, {param($sender, $certificate, $chain, $sslPolicyErrors) return $true })

# Force the SSL connection to send us the certificate
$sslStream.AuthenticateAsClient($site)

# Read the certificate
$certinfo = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($sslStream.RemoteCertificate)

$website = $certinfo.DNSNameList.Unicode
if ( $website -eq 'localhost.localdomain' )
{
    $website = 'Self Signed'
    Write-Host "Statistic.Issuer: 1"
    Write-Host "Message.Issuer: " $website
}
else
{
    Write-Host "Statistic.Issuer: 1"
    Write-Host "Message.Issuer: " $certinfo.Issuer
}

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

You could also pull the following properties from $certinfo, using $certinfo.<Name>:

Archived            Property   bool Archived {get;set;}
Extensions          Property   System.Security.Cryptography.X509Certificates.X509ExtensionCollection Extensions {get;}
FriendlyName        Property   string FriendlyName {get;set;}
Handle              Property   System.IntPtr Handle {get;}
HasPrivateKey       Property   bool HasPrivateKey {get;}
Issuer              Property   string Issuer {get;}
IssuerName          Property   System.Security.Cryptography.X509Certificates.X500DistinguishedName IssuerName {get;}
NotAfter            Property   datetime NotAfter {get;}
NotBefore           Property   datetime NotBefore {get;}
PrivateKey          Property   System.Security.Cryptography.AsymmetricAlgorithm PrivateKey {get;set;}
PublicKey           Property   System.Security.Cryptography.X509Certificates.PublicKey PublicKey {get;}
RawData             Property   byte[] RawData {get;}
SerialNumber        Property   string SerialNumber {get;}
SignatureAlgorithm  Property   System.Security.Cryptography.Oid SignatureAlgorithm {get;}
Subject             Property   string Subject {get;}
SubjectName         Property   System.Security.Cryptography.X509Certificates.X500DistinguishedName SubjectName {get;}
Thumbprint          Property   string Thumbprint {get;}
Version             Property   int Version {get;}

So for the Expiry dates add something like this to the end of the above script:

$expiry = $certinfo.NotAfter
$now = (Get-Date).AddDays(90)   # now + 90 days; adjust as required

if ( $expiry -ge $now )
{
    Write-Host "Message.Expiry:" $expiry
    Write-Host "Statistic.Expiry: 1"
}
else
{
    Write-Host "Message.Expiry: Certificate will expire within 90 days." $expiry
    Write-Host "Statistic.Expiry: 0"
}

      

You can of course add some additional logic in there, so that you get 

I hope it helps
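
Added example, not part of the reply above or of any SolarWinds template: one way to turn the `$certinfo` object from that script into the four fields the original question asks for (Certificate Name, Issuer, Expiration Date, Days Remaining), reporting the day count itself as the statistic instead of a 0/1 flag. The function name `Get-CertReportRow`, the statistic name `DaysRemaining` and the in-memory sample certificate `demo.example.test` are assumptions made for this illustration; building the sample needs .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
# Added example: derive the report fields from an X509Certificate2 object.
function Get-CertReportRow {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [datetime]$AsOf = (Get-Date)
    )
    # Whole days until NotAfter; the value goes negative once the certificate has expired
    $days = [math]::Floor(($Certificate.NotAfter - $AsOf).TotalDays)
    [pscustomobject]@{
        CertificateName = $Certificate.GetNameInfo('SimpleName', $false)   # subject name
        Issuer          = $Certificate.GetNameInfo('SimpleName', $true)    # issuer name
        ExpirationDate  = $Certificate.NotAfter
        DaysRemaining   = [int]$days
        # Subject equal to Issuer is a more general self-signed test than
        # comparing the DNS name with 'localhost.localdomain'
        SelfSigned      = ($Certificate.Subject -eq $Certificate.Issuer)
    }
}

# Constructed sample input: an in-memory self-signed certificate that expires
# in 45 days. In the monitor script, pass $certinfo instead.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=demo.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(45))

$row = Get-CertReportRow -Certificate $cert

# Same Statistic/Message output convention as the script above, but the
# statistic carries the number of days so a report can show and sort on it.
$issuer = if ($row.SelfSigned) { 'Self Signed' } else { $row.Issuer }
Write-Host "Statistic.DaysRemaining: $($row.DaysRemaining)"
Write-Host "Message.DaysRemaining: $($row.CertificateName) issued by $issuer, expires $($row.ExpirationDate.ToString('yyyy-MM-dd'))"
```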

I have a query on this script. I'm very new to SolarWinds. Does this script provide only for web servers or for all servers? How do I create the report using PowerShell?

0 Kudos

snangunoori - There would be two steps. First you need to create a custom template; here is a place to start with: Create custom templates in SAM. You can also find other examples for PowerShell monitoring templates. Once you have done this and assigned it to nodes, you can create a custom report to generate current values.

Awesome. Thanks for the advice. Nelson.

0 Kudos
Product Manager

The screen shot you posted is from the AppInsight for IIS template so that view is going to be specific to sites running on IIS.

For your other platforms you are correct in choosing the out of the box SSL Cert Expiration template.

However, as you have already seen, that template does not pull back all the data you are looking for.

The best you can probably do there is shown in the screen shot below.

pastedImage_0.png

0 Kudos

Hi - how did you set up that custom table? That's pretty much what I'm looking for, but can't seem to recreate it. Thanks!

0 Kudos
Product Manager

If you don't mind having two reports there is an out of the box report for the IIS based stuff.

So you could use that and a custom report along the lines of what I posted above.

I realize that kind of comes up short on the request for a single comprehensive report but it is an option.

0 Kudos

Thanks for the help JVB. I appreciate it. I'll play around with the report and see what I can find.

Nelson

0 Kudos