SSL Certificates Monitor |SAM 6.5.0|

So I'm using SAM 6.5.0 to monitor the SSL certificates deployed on our various servers, which include web servers, Exchange servers and other domain servers. I have observed that there are multiple certificates of different applications deployed on all servers, but I'm getting only one SSL certificate for monitoring. I have deployed the monitor and configured the alerts, but I am afraid that something might go wrong if I miss any certificate. Can anyone guide me more in this regard, specifically on monitoring the SSL certificates effectively?


Thank You.

~ Farhood Nishat


  • Hello farhood

    If it's the default SSL cert monitor that's built into SAM you're talking about, then by default it will monitor a certificate that's presented on port 443 (HTTPS), such as https://website.mydomain.co.uk for example.

    The description for the monitor is:

    This component monitor tests a web server's ability to accept incoming sessions over a secure channel and then test the security certificate's expiration date.

    By default, this monitor tests TCP port 443.

    More information about this monitor can be found in the SAM Administrator's Guide.

    If you wanted to monitor an IMAP certificate, for example, which would be on your Exchange server, you would use the SSL Cert Monitor but amend the port to 993; that way the monitor looks at port 993 to check the certificate expiry.

    Amend the port on the monitor to one you want to monitor.

    Does that help?

    Regards,

    L.

  • Hey leigham martin

    Yup, that helped, thank you so much. So if I want to monitor multiple certificates, can I bind them to multiple ports and get all the certificates fetched from the server? I want to monitor multiple certificates installed on the same server.

  • farhood​ Hi!

    That's good news. It depends, I guess, on what your certificates are for. If you're using an Exchange server, for example, you can monitor the SSL ports for IMAP, SMTP and HTTPS (443) with the SSL Certificate monitor. Personally I would use 3 separate SSL monitors but configure them on the same box, just on different ports, if that makes sense?

    But yes, if you have multiple certs running on different ports/services you should be able to monitor each one with individual monitors.

    Regards,

    L.

  • Hey leigham martin

    Yup, I got your point, you actually showed me a new way. Most of the certificates are from web servers where different websites are hosted with their certificates. I am going to try it today and will let you know if it's working or not, using multiple monitors for multiple certificates on the same server.

    Regards,


    Farhood.

  • I wrote this guy to track all certs on a server, though it doesn't seem to work on Remote Execution, only localhost... perhaps it needs escalation?

        # Collect certificates from every store, bucketed by days until expiry.
        # @() forces an array so .Count is valid for zero or one result.
        $Expired_Certs       = @(Get-ChildItem -Recurse -Path cert: -ExpiringInDays 0)
        $Expiring_Soon_Certs = @(Get-ChildItem -Recurse -Path cert: -ExpiringInDays 30)
        $Expiring_Certs      = @(Get-ChildItem -Recurse -Path cert: -ExpiringInDays 90)

        # SAM script output: one Statistic/Message pair per bucket.
        "Statistic.Expired: " + $Expired_Certs.Count
        $Cert_Item_Text = "Message.Expired: "
        Foreach ($Cert_Item in $Expired_Certs)
          {
            $Cert_Item_Text += "Expired:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
          }
        $Cert_Item_Text

        "Statistic.ExpiringSoon: " + $Expiring_Soon_Certs.Count
        $Cert_Item_Text = "Message.ExpiringSoon: "
        Foreach ($Cert_Item in $Expiring_Soon_Certs)
          {
            $Cert_Item_Text += "Expiring:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
          }
        $Cert_Item_Text

        "Statistic.Expiring: " + $Expiring_Certs.Count
        $Cert_Item_Text = "Message.Expiring: "
        Foreach ($Cert_Item in $Expiring_Certs)
          {
            $Cert_Item_Text += "Expiring:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
          }
        $Cert_Item_Text

  • Bah.. this "Works" but throws errors and doesn't pull ALL the certs even when run as Admin.  I really hate Windows...

        $Remote_Server = "Servername"

        # Run the same store queries on the remote machine over PowerShell remoting.
        # @() forces an array so .Count is valid for zero or one result.
        $Expired_Certs       = @(Invoke-Command -ComputerName $Remote_Server -ScriptBlock {Get-ChildItem -Recurse -Path cert: -ExpiringInDays 0})
        $Expiring_Soon_Certs = @(Invoke-Command -ComputerName $Remote_Server -ScriptBlock {Get-ChildItem -Recurse -Path cert: -ExpiringInDays 30})
        $Expiring_Certs      = @(Invoke-Command -ComputerName $Remote_Server -ScriptBlock {Get-ChildItem -Recurse -Path cert: -ExpiringInDays 90})

        # SAM script output: one Statistic/Message pair per bucket.
        "Statistic.Expired: " + $Expired_Certs.Count
        $Cert_Item_Text = "Message.Expired: "
        Foreach ($Cert_Item in $Expired_Certs)
          {
            $Cert_Item_Text += "Expired:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
          }
        $Cert_Item_Text

        "Statistic.ExpiringSoon: " + $Expiring_Soon_Certs.Count
        $Cert_Item_Text = "Message.ExpiringSoon: "
        Foreach ($Cert_Item in $Expiring_Soon_Certs)
          {
            $Cert_Item_Text += "Expiring:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
          }
        $Cert_Item_Text

        "Statistic.Expiring: " + $Expiring_Certs.Count
        $Cert_Item_Text = "Message.Expiring: "
        Foreach ($Cert_Item in $Expiring_Certs)
          {
            $Cert_Item_Text += "Expiring:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
          }
        $Cert_Item_Text

  • Hi, we use the script below to check all certificates that will expire within 30 days on a machine. Not only certificates bound to a website but all of them (that is, local machine certificates, not user certificates). Seems to work.

        [CmdletBinding()]
        [OutputType([String])]
        Param
        (
            # Specify thumbprint of certificate to be excluded.
            [Parameter(Mandatory=$false)]
            [String[]]
            $ThumbprintExclude,

            # Specify what expiration day to look for in days from now.
            [Parameter(Mandatory=$false)]
            [int]
            $Days = 30
        )
        Process
        {
            # Local machine personal store only; @() keeps .Count valid for zero or one match.
            $certstore = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.NotAfter -lt (Get-Date).AddDays($Days)})

            # Drop any certificate whose thumbprint was passed in for exclusion.
            if ($null -ne $ThumbprintExclude) {
                foreach ($thumbprint in $ThumbprintExclude) {
                    $certstore = @($certstore | Where-Object {$_.Thumbprint -ne $thumbprint})
                }
            }

            $certstore | ForEach-Object {
                Write-Host "Message: Certificate with subject" $_.Subject "will expire on" $_.NotAfter
            }
            Write-Host "Statistic:" $certstore.Count
        }

  • I would like this monitor to be enhanced. I've posted an idea here: https://thwack.solarwinds.com/ideas/9214. If you like it please vote on it! Dave Burton

  • daveb7114 Seashore leigham martin
    Hey!

    I have sorted out a way to monitor all the certificates. By default the SSL Certificate Monitor fetches data on port 443. I replicated that SSL Certificate Monitor, changed the port to 444, bound that same port to the certificate which I want to monitor on the server, assigned that duplicated monitor to that server and configured an alert. This is working fine for me. Doing this, I am monitoring multiple certificates by assigning different monitors to the same server.

    Hope this helped.!
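
As an added example (not posted by anyone in the thread, and not SolarWinds code): the one-monitor-per-port approach described above can also be run as a single script that handshakes with each endpoint and reads the presented certificate's expiry, sending the site name as SNI so that several certificates sharing one port are covered too. The host names, `Get-EndpointCertificate`, the TLS 1.2 choice and the `Failed` output pair are assumptions; the `Statistic.`/`Message.` line format copies the scripts earlier in the thread.

```powershell
# Added example, not from the thread. Host names are constructed placeholders.
$Server    = 'server01.example.com'            # machine holding the bindings
$WarnDays  = 30
$Endpoints = @(                                # SNI name + port per certificate
    @{ Name = 'www.example.com';  Port = 443 },
    @{ Name = 'shop.example.com'; Port = 443 },
    @{ Name = 'mail.example.com'; Port = 993 }   # IMAPS, implicit TLS
)

function Get-EndpointCertificate {
    param([string]$Server, [string]$SniName, [int]$Port, [int]$TimeoutMs = 5000)
    $r = [pscustomobject]@{ Name = $SniName; Port = $Port; Stage = 'tcp'
                            NotAfter = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'connect timed out' }
        $client.EndConnect($pending)
        $r.Stage = 'tls'     # TCP is up; any failure from here on is a handshake failure
        # Accept any chain: the probe reads the dates, it does not decide trust.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        # The target name is sent as SNI. TLS 1.2 is an assumption; match your servers.
        $ssl.AuthenticateAsClient($SniName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        $r.Stage = 'ok'; $r.NotAfter = $cert.NotAfter
        $ssl.Dispose()
    } catch {
        $r.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    $r
}

$results = foreach ($e in $Endpoints) { Get-EndpointCertificate $Server $e.Name $e.Port }
$cutoff  = (Get-Date).AddDays($WarnDays)
$soon    = @($results | Where-Object { $_.Stage -eq 'ok' -and $_.NotAfter -lt $cutoff })
$failed  = @($results | Where-Object { $_.Stage -ne 'ok' })

# Two Statistic/Message pairs, in the format used by the scripts in this thread.
"Statistic.ExpiringSoon: " + $soon.Count
"Message.ExpiringSoon: " + (($soon | ForEach-Object { "$($_.Name):$($_.Port) expires $($_.NotAfter.ToShortDateString())" }) -join '; ')
"Statistic.Failed: " + $failed.Count
"Message.Failed: " + (($failed | ForEach-Object { "$($_.Name):$($_.Port) failed at $($_.Stage): $($_.Error)" }) -join '; ')
```

The `Stage` value separates a port that cannot be reached (`tcp`) from one that accepts the connection but drops it during the TLS handshake (`tls`).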

  • Hi everyone.

    Does this SSL Certificate Monitor require any other port except 443 for fetching data?

    I'm trying to use it on an AWS EC2 instance but keep getting the error "Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host." Port 443 is open, I can telnet it.