SSL Certificate Expiration - SNI capable

For those that deploy SNI when hosting websites you've probably discovered that monitoring the SSL certificate expiration only shows the first certificate in the list.

This check was designed to match the certificate Common Name (CN).

I created an external node for thwack.solarwinds.com

The powershell scripts pulls the node name and returns the number of days until it expires. It also prints more details in the Statistic Message.

UPDATED: Inluded the Certification Authority into the statistic message detail.

I also created this SSL report that can be imported.

SSL Certificate Expiration - SNI Capable Report.xml

*Updated - 1/25/2016 - Fix bug when no CA was present in the certificate.

*Updated - 3/21/2018 - Updated script significantly to allow for TLS 1.2 only connections. Thanks for the assist sstark85!

chad.every

Top Comments

aldo.lopez 1 month ago in reply to trilobite_rex

same issue, did you ever get it work?
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
rahul.bajpai over 2 years ago

Hi
The above monitor works well but unfortunately, it don't seem to capture the certificate details before the redirect.
we have a requirement in which we need to monitor the certificate details before redirect actually happens, let me know if that can be achieved.

I can see the same functionality in SAM HTTPS component monitor which has the capability to DO NOT FOLLOW the redirect but not sure how to leverage that in monitoring the certificate before the redirect. We can monitor it in Site24X7 not sure if that can be done here in SW.
If Anyone can help me with that, that would be really great.

Thanks in Advance!

Regards
Rahul Bajpai
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
alex81 over 4 years ago

This is the error I get -
Get Output Failed:
Output: ==============================================
Exception calling "AuthenticateAsClient" with "1" argument(s): "The client and server cannot communicate, because they do not possess a common algorithm"
Message : Error occurred connecting to machinename, Code: Exception calling "AuthenticateAsClient" with "1" argument(s): "The client and server cannot communicate, because they do not possess a common algorithm".exception.innerexception.message
Statistic : 0
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
trilobite_rex over 4 years ago

I just applied this to a server to test, it comes back with status unknown but does deliver the output. Any thoughts as to why or how to fix it.
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
lalit.kumar553 over 4 years ago

Who can i monitor installed certificates expiry on single node. as per out of box templates i am able to monitor only one certificate from all of them.
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel