9 Replies Latest reply on Feb 16, 2018 10:30 AM by farhood

    SSL Certificates Monitor |SAM 6.5.0|

    farhood

      So I'm using SAM 6.5.0 to monitor the SSL certificates deployed on our various servers, which include web servers, Exchange servers and other domain servers. I have observed that there are multiple certificates of different applications deployed on all servers, but I'm getting only one SSL certificate for monitoring. I have deployed the monitor and configured the alerts, but I am afraid that something might go wrong if I miss any certificate. Can anyone guide me more in this regard, specifically on monitoring the SSL certificates effectively?


      Thank You.

      ~ Farhood Nishat


        • Re: SSL Certificates Monitor |SAM 6.5.0|
          leigham martin

          Hello farhood

           

          If it's the default SSL cert monitor that's built into SAM you're talking about, then by default it will monitor a certificate that's presented on port 443 (HTTPS), such as https://website.mydomain.co.uk for example.

           

          The description for the monitor is:

           

          This component monitor tests a web server's ability to accept incoming sessions over a secure channel and then test the security certificate's expiration date.

          By default, this monitor tests TCP port 443.

          More information about this monitor can be found in the SAM Administrator's Guide.

           

          If you wanted to monitor an IMAP certificate, for example, which would be on your Exchange server, you would use the SSL Cert Monitor but amend the port to 993; that way the monitor looks at port 993 to check the certificate expiry.

           

           

          Amend the port on the monitor to one you want to monitor.

           

          Does that help?

           

          Regards,

          L.

          1 of 1 people found this helpful
          • Re: SSL Certificates Monitor |SAM 6.5.0|
            farhood

            Hey leigham martin

            Yup, that helped, thank you so much. So if I want to monitor multiple certificates, can I bind them to multiple ports and get all the certificates fetched from the server? I want to monitor multiple certificates installed on the same server.

              • Re: SSL Certificates Monitor |SAM 6.5.0|
                leigham martin

                farhood Hi!

                 

                That's good news. It depends, I guess, on what your certificates are for. If you're using an Exchange server, for example, you can monitor the SSL ports for IMAP, SMTP and HTTPS (443) with the SSL Certificate monitor. Personally I would use 3 separate SSL monitors but configure them on the same box, just different ports, if that makes sense?

                 

                But yes, if you have multiple certs running on different ports/services you should be able to monitor each one with individual monitors.

                 

                Regards,

                 

                L.

              • Re: SSL Certificates Monitor |SAM 6.5.0|
                Geoff Smith

                I wrote this guy to track all certs on a server, though it doesn't seem to work on Remote Execution, only localhost... perhaps it needs escalation?

                 

                # Collect certificates from every store under cert: by expiry window.
                # -ExpiringInDays N returns certificates expiring in or before N days (0 = already expired),
                # so the 30- and 90-day sets also contain the expired ones.
                # @() keeps .Count reliable when zero or one certificate is returned.
                $Expired_Certs = @(Get-ChildItem -Recurse -Path cert: -ExpiringInDays 0)
                $Expiring_Soon_Certs = @(Get-ChildItem -Recurse -Path cert: -ExpiringInDays 30)
                $Expiring_Certs = @(Get-ChildItem -Recurse -Path cert: -ExpiringInDays 90)

                # Output one Statistic.<name> / Message.<name> pair per expiry window.
                "Statistic.Expired: " + $Expired_Certs.Count
                $Cert_Item_Text = "Message.Expired: "
                Foreach ($Cert_Item in $Expired_Certs)
                  {
                    $Cert_Item_Text += "Expired:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
                  }
                $Cert_Item_Text

                "Statistic.ExpiringSoon: " + $Expiring_Soon_Certs.Count
                $Cert_Item_Text = "Message.ExpiringSoon: "
                Foreach ($Cert_Item in $Expiring_Soon_Certs)
                  {
                    $Cert_Item_Text += "Expiring:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
                  }
                $Cert_Item_Text

                "Statistic.Expiring: " + $Expiring_Certs.Count
                $Cert_Item_Text = "Message.Expiring: "
                Foreach ($Cert_Item in $Expiring_Certs)
                  {
                    $Cert_Item_Text += "Expiring:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
                  }
                $Cert_Item_Text

                  • Re: SSL Certificates Monitor |SAM 6.5.0|
                    Geoff Smith

                    Bah.. this "Works" but throws errors and doesn't pull ALL the certs even when run as Admin.  I really hate Windows...

                     

                    # Name of the server to query; PowerShell remoting (WinRM) must be enabled on it.
                    $Remote_Server = "Servername"

                    # Run the certificate-store query on the remote server, once per expiry window.
                    # @() keeps .Count reliable when zero or one certificate is returned.
                    $Expired_Certs = @(Invoke-Command -ComputerName $Remote_Server -ScriptBlock {Get-ChildItem -Recurse -Path cert: -ExpiringInDays 0})
                    $Expiring_Soon_Certs = @(Invoke-Command -ComputerName $Remote_Server -ScriptBlock {Get-ChildItem -Recurse -Path cert: -ExpiringInDays 30})
                    $Expiring_Certs = @(Invoke-Command -ComputerName $Remote_Server -ScriptBlock {Get-ChildItem -Recurse -Path cert: -ExpiringInDays 90})

                    # Output one Statistic.<name> / Message.<name> pair per expiry window.
                    "Statistic.Expired: " + $Expired_Certs.Count
                    $Cert_Item_Text = "Message.Expired: "
                    Foreach ($Cert_Item in $Expired_Certs)
                      {
                        $Cert_Item_Text += "Expired:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
                      }
                    $Cert_Item_Text

                    "Statistic.ExpiringSoon: " + $Expiring_Soon_Certs.Count
                    $Cert_Item_Text = "Message.ExpiringSoon: "
                    Foreach ($Cert_Item in $Expiring_Soon_Certs)
                      {
                        $Cert_Item_Text += "Expiring:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
                      }
                    $Cert_Item_Text

                    "Statistic.Expiring: " + $Expiring_Certs.Count
                    $Cert_Item_Text = "Message.Expiring: "
                    Foreach ($Cert_Item in $Expiring_Certs)
                      {
                        $Cert_Item_Text += "Expiring:" + $Cert_Item.NotAfter.ToShortDateString() + " Subject:" + $Cert_Item.Subject + "<br>"
                      }
                    $Cert_Item_Text

                      • Re: SSL Certificates Monitor |SAM 6.5.0|
                        Seashore

                        Hi, we use the below script to check all certificates that will expire within 30 days on a machine. Not only certificates bound to a website but all of them (that is, local machine certificates, not user certificates). Seems to work.

                         

                         

                            [CmdletBinding()]
                            [OutputType([String])]
                            Param
                            (
                                # Thumbprints of certificates to exclude from the check.
                                [Parameter(Mandatory=$false)]
                                [String[]]
                                $ThumbprintExclude,

                                # Report certificates that expire within this many days from now.
                                [Parameter(Mandatory=$false)]
                                [int]
                                $Days = 30
                            )
                            Process
                            {
                                # Local machine "My" (Personal) store only; @() keeps .Count reliable for 0 or 1 results.
                                $certstore = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.NotAfter -lt (Get-Date).AddDays($Days)})

                                # Drop every certificate whose thumbprint is on the exclusion list.
                                if ($ThumbprintExclude -ne $null) {
                                    foreach ($thumbprint in $ThumbprintExclude) {
                                        $certstore = @($certstore | Where-Object {$_.Thumbprint -ne $thumbprint})
                                    }
                                }

                                # One Message line per certificate, then the count as the Statistic.
                                $certstore | ForEach-Object {
                                    Write-Host "Message: Certificate with subject" $_.Subject "will expire on" $_.NotAfter
                                }
                                Write-Host "Statistic:" $certstore.Count
                            }

                        1 of 1 people found this helpful
                    • Re: SSL Certificates Monitor |SAM 6.5.0|
                      daveb7114

                      I would like this monitor to be enhanced. I've posted an idea here: https://thwack.solarwinds.com/ideas/9214. If you like it please vote on it! Dave Burton

                      • Re: SSL Certificates Monitor |SAM 6.5.0|
                        farhood

                        daveb7114 Seashore leigham martin
                        Hey!

                         

                        I have sorted a way out to monitor all the certificates. By default, the SSL Certificate Monitor fetches data on port 443. I replicated that SSL Certificate Monitor, changed the port to 444, bound that same port to the certificate which I want to monitor on the server, assigned that duplicated monitor to that server and configured an alert. This is working fine for me. Doing this, I am monitoring multiple certificates by assigning different monitors to the same server.

                         

                        Hope this helped!
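
The per-port checks discussed in this thread, as an added example that is not part of the original posts and not SolarWinds code: one script that performs a TLS handshake on each listed port and reports every presented certificate, using the same Statistic/Message output style as the scripts above. The host name, the port list (465 in particular) and the 30-day threshold are assumptions.

```powershell
# Added example, not from the thread. Host name and port list are placeholders.
$TargetHost = 'server.example.com'   # assumption: the monitored server's DNS name
$Ports      = 443, 993, 465          # HTTPS, IMAPS, SMTPS (implicit-TLS ports only)
$WarnDays   = 30

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw "connect timed out"
        }
        # Accept any chain: the goal is to read the expiry date even from an
        # expired or untrusted certificate. No application data is sent.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)   # $HostName is also sent as SNI
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

$problems = 0
$details  = @()
foreach ($port in $Ports) {
    try {
        $cert     = Get-RemoteCertificate -HostName $TargetHost -Port $port
        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        if ($daysLeft -lt $WarnDays) { $problems++ }
        $details += "port ${port}: $($cert.Subject) [$($cert.Thumbprint)] $daysLeft days left"
    } catch {
        # An unreachable port or failed handshake counts as a problem, so a
        # certificate is never silently dropped from the report.
        $problems++
        $details += "port ${port}: no certificate read ($($_.Exception.Message))"
    }
}

"Statistic.ExpiringSoon: $problems"
"Message.ExpiringSoon: " + ($details -join '; ')
```

Ports that upgrade to TLS with STARTTLS (for example SMTP on 25 or 587) need the protocol's plaintext negotiation first and will fail this direct handshake, so they show up in the message as unread rather than as checked.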