7 Replies Latest reply on Nov 12, 2019 4:06 PM by tomiannelli

    SSL Certificate Expiration Report - All OS

    nsandberg

      Hello,

       

      I've been asked by my manager to create a custom report that shows SSL expiration dates for both Windows and Linux OS. He's very specific, and he would like to have the report include the Certificate Name, Issuer, Expiration Date, and Days Remaining. I know that's a very unusual request and maybe not really doable. I'm using SAM 6.6.1 and I've tried the out-of-the-box SSL Certificate Expiration Monitor in SAM. I know some of these details are available in AppInsight Monitor, but I can't seem to get the data my boss wants in a comprehensive report. He basically found a screenshot on the SolarWinds site (see below) and wants to recreate that in a report.

       

      Has anyone created a custom report with some of these fields my boss is looking for?

       

      Thanks in advance for any advice or help!

      Nelson

       

      Here's the screen shot:

       

        • Re: SSL Certificate Expiration Report - All OS
          jvb

          The screen shot you posted is from the AppInsight for IIS template so that view is going to be specific to sites running on IIS.

          For your other platforms you are correct in choosing the out of the box SSL Cert Expiration template.

          However, as you have already seen, that template does not pull back all the data you are looking for.

          The best you can probably do there is shown in the screen shot below.

           

          • Re: SSL Certificate Expiration Report - All OS
            yaquaholic

            We also wanted to get the certificate issuer, rather than the expiry date, so I wrote a PowerShell script to fit in a Windows PowerShell Monitor:

             

            -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

            $site = "${IP}"        # SAM macro, replaced with the node's IP address
            $port = 443            # assumes you're using the default HTTPS port

            try
            {
                # Create a TCP socket to the site and port number.
                # The TcpClient constructor throws if the connection fails, so catch that here.
                $tcpsocket = New-Object Net.Sockets.TcpClient($site, $port)
            }
            catch
            {
                Write-Host "Statistic.Issuer: 0"
                Write-Host "Message.Issuer: $site port $port not open"
                exit
            }

            # Socket got connected, get the TCP stream ready to read the certificate
            $tcpstream = $tcpsocket.GetStream()

            # Create an SSL connection. The callback accepts every certificate so that expired,
            # self-signed or mismatched certificates can still be read; inspection use only.
            $sslStream = New-Object System.Net.Security.SslStream($tcpstream, $false, {param($sender, $certificate, $chain, $sslPolicyErrors) return $true })

            # Force the SSL connection to send us the certificate
            $sslStream.AuthenticateAsClient($site)

            # Read the certificate
            $certinfo = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($sslStream.RemoteCertificate)

            # Release the connection; $certinfo is an independent copy of the certificate
            $sslStream.Dispose()
            $tcpsocket.Close()

            $website = $certinfo.DNSNameList.Unicode
            if ( $website -eq 'localhost.localdomain' )
            {
                $website = 'Self Signed'
                Write-Host "Statistic.Issuer: 1"
                Write-Host "Message.Issuer: " $website
            }
            else
            {
                Write-Host "Statistic.Issuer: 1"
                Write-Host "Message.Issuer: " $certinfo.Issuer
            }

            -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

             

            You could also pull the following properties from $certinfo, using $certinfo.<Name>:

             

            Archived            Property  bool Archived {get;set;}
            Extensions          Property  System.Security.Cryptography.X509Certificates.X509ExtensionCollection Extensions {get;}
            FriendlyName        Property  string FriendlyName {get;set;}
            Handle              Property  System.IntPtr Handle {get;}
            HasPrivateKey       Property  bool HasPrivateKey {get;}
            Issuer              Property  string Issuer {get;}
            IssuerName          Property  System.Security.Cryptography.X509Certificates.X500DistinguishedName IssuerName {get;}
            NotAfter            Property  datetime NotAfter {get;}
            NotBefore           Property  datetime NotBefore {get;}
            PrivateKey          Property  System.Security.Cryptography.AsymmetricAlgorithm PrivateKey {get;set;}
            PublicKey           Property  System.Security.Cryptography.X509Certificates.PublicKey PublicKey {get;}
            RawData             Property  byte[] RawData {get;}
            SerialNumber        Property  string SerialNumber {get;}
            SignatureAlgorithm  Property  System.Security.Cryptography.Oid SignatureAlgorithm {get;}
            Subject             Property  string Subject {get;}
            SubjectName         Property  System.Security.Cryptography.X509Certificates.X500DistinguishedName SubjectName {get;}
            Thumbprint          Property  string Thumbprint {get;}
            Version             Property  int Version {get;}

             

            So for the expiry dates, add something like this to the end of the above script:

             

            $expiry = $certinfo.NotAfter
            $now = (Get-Date).AddDays(90)   # now + 90 days, adjust as required

            if ( $expiry -ge $now )
            {
                # Certificate is still valid 90 days from now
                Write-Host "Message.Expiry:" $expiry
                Write-Host "Statistic.Expiry: 1"
            }
            else
            {
                Write-Host "Message.Expiry: Certificate will expire within 90 days." $expiry
                Write-Host "Statistic.Expiry: 0"
            }

                  

            You can of course add some additional logic in there, so that you get 

            I hope it helps

            1 of 1 people found this helpful
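
An added example, not part of the original posts: one way to derive all four fields the original question asks for (certificate name, issuer, expiration date, days remaining) from an X509Certificate2 such as `$certinfo` in the script above, reporting days remaining as the numeric statistic. The function names, the 90-day default and the sample certificate are hypothetical, and the in-memory sample needs .NET Framework 4.7.2+ or PowerShell 7.

```powershell
# Added example; Get-CertExpiryReport and Write-SamCertOutput are hypothetical names.
function Get-CertExpiryReport {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [datetime]$AsOf = (Get-Date),
        [int]$WarnDays = 90            # assumed threshold, same as the script above
    )
    # Whole days until NotAfter; negative once the certificate has expired.
    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $AsOf).TotalDays)
    $state = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { 'EXPIRING' } else { 'OK' }

    [pscustomobject]@{
        Name           = $Certificate.GetNameInfo('SimpleName', $false)   # subject CN
        Issuer         = $Certificate.GetNameInfo('SimpleName', $true)    # issuer CN
        ExpirationDate = $Certificate.NotAfter
        DaysRemaining  = $daysLeft
        State          = $state
        # Heuristic: subject equal to issuer means the certificate is self-issued.
        SelfIssued     = ($Certificate.Subject -eq $Certificate.Issuer)
    }
}

function Write-SamCertOutput {
    param([Parameter(Mandatory)]$Report)
    # Numeric statistic for thresholds, text message for the report columns.
    $date = $Report.ExpirationDate.ToString('yyyy-MM-dd')
    Write-Host "Statistic.DaysRemaining: $($Report.DaysRemaining)"
    Write-Host "Message.DaysRemaining: $($Report.Name) | issuer: $($Report.Issuer) | expires: $date | $($Report.State)"
}

# Constructed sample: a self-signed certificate built in memory so the example runs offline.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=sample.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$start  = [DateTimeOffset]::Now.AddDays(-1)
$sample = $req.CreateSelfSigned($start, $start.AddDays(31))

# In the monitor, pass $certinfo instead of $sample.
Write-SamCertOutput -Report (Get-CertExpiryReport -Certificate $sample)
```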