11 Replies Latest reply on Sep 20, 2019 6:52 AM by jameslindsay

    SSL Certificate Expiration Date Monitor

    jameslindsay

      I'm looking for a way to pass more information into the alert that is triggered when I use this component. Specifically, I'm looking for the same information seen when you expose the details produced after using the test component function when setting up the monitoring template.

       

      Certificate was expired 460 day(s) ago. Expiration date: 5/23/2018

       

      SslExpirationDateProbe Execute Result: ================================

      Target: 000.00.00.000

      Statistic Value (certificate valid days left): 0

      Statistic Warning Threshold: 90

      Statistic Critical Threshold: 30

      Response Time Value: 00:00:00.1700260

      Response Time Warning Threshold: 10000

      Response Time Critical Threshold: 1.79769313486232E+308

      Outcome based on thresholds: NotAvailable

      Certificate details: ==============================================

      Subject: CN=my.site.com, OU=Domain Control Validated

      etc.......

        • Re: SSL Certificate Expiration Date Monitor
          shuth

          NOTE: The below assumes the use of the SSL Certificate Expiration Date Monitor component monitor, and not the in-built SSL certificate monitoring within AppInsight for IIS.

           

          When defining the alert, make sure you are triggering on the component (not the application). This will allow you to insert variables for the individual component metrics. I couldn't find any certificate details (subject, etc) - I think that only appears when testing the component.

           

           

          The "I want to alert on" setting should be Component.

          In the Trigger Actions, for your specific action (email/log to file/whatever) in the Message section click the Insert Variables button and navigate to the Component categories. From here you can find any related metric to include in the alert.

          The screenshots below show the Statistic Data metric and the threshold metrics.

          You can customise the message text to your own liking. The example below was to demonstrate the output.

          You can also copy/paste the metrics below if you don't want to find them using insert variables.

           

           

          Metric | Variable | Example Output
          --- | --- | ---
          Node Name | ${N=SwisEntity;M=Application.Node.Caption} | SERVER-ABC
          IP Address | ${N=SwisEntity;M=Application.Node.IP_Address} | 10.12.34.56
          Component Message | ${N=SwisEntity;M=ComponentAlert.ComponentMessage} | Certificate will expire in 1394 day(s). Expiration date: 9/07/2023
          Statistic Value | ${N=SwisEntity;M=ComponentAlert.StatisticData} | 1394
          Statistic Warning Threshold | ${N=SwisEntity;M=ComponentAlertThresholds.ThresholdStatisticWarning} | 90
          Statistic Critical Threshold | ${N=SwisEntity;M=ComponentAlertThresholds.ThresholdStatisticCritical} | 30
          Response Time Value | ${N=SwisEntity;M=ComponentAlert.ResponseTime} | 24
          Response Time Warning Threshold | ${N=SwisEntity;M=ComponentAlertThresholds.ThresholdResponseTimeWarning} | (blank if no value set)
          Response Time Critical Threshold | ${N=SwisEntity;M=ComponentAlertThresholds.ThresholdResponseTimeCritical} |
          2 of 2 people found this helpful
            • Re: SSL Certificate Expiration Date Monitor
              jameslindsay

              Thank you for your detailed response. It seems there are other needed values that are missing to help identify the actual cert on the host. For example:
              Subject: CN=my.site.com, OU=Domain Control Validated
              It strikes me odd that I can get this data when I use the target host as a component test target but not get the data within the alert.

                • Re: SSL Certificate Expiration Date Monitor
                  christopher.t.jones123

                  You could always build a custom alert variable to display that data. You can find the table that contains the data that you want and then build a variable to extract that information out of that table.

                  • Re: SSL Certificate Expiration Date Monitor
                    adam.beedell

                    Hi, we wrote some PowerShell for this. It's not perfect, but it does let you get the certificate name presented more easily.

                    The design is to check via a web request FIRST, then to inspect the node's cert store if it can't find anything, and use the earliest cert only. That works in our environment but you may want a different setup. We've got a few servers with an edited template for this reason.

                     

                    $statistic = $null
                    $date = Get-Date
                    # ${IP} is the SAM macro for the node address
                    $URL = "https://${IP}"

                    $WebRequest = [Net.WebRequest]::Create($URL)
                    $WebRequest.UseDefaultCredentials = $true
                    $WebRequest.PreAuthenticate = $true

                    Try
                    {
                        $WebResponse = $WebRequest.GetResponse()
                        $WebResponse.Close()
                        $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle
                        # Keep the subject in $CN; the message below uses it
                        $CN = $Cert.Subject
                        $expiry = $Cert.NotAfter
                        $remaining = $expiry - $date
                        $statistic = $remaining.Days
                    }
                    Catch
                    {
                        # The request failed (HTTP error, or an expired or untrusted certificate).
                        # The ServicePoint may still hold the certificate the server presented.
                        # Write-Host "Web request failed" -ForegroundColor Red
                        # Write-Host "Attempting to get cert info regardless..." -ForegroundColor Yellow
                        $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle
                        If($Cert)
                        {
                            $CN = $Cert.Subject
                            $expiry = $Cert.NotAfter
                            $remaining = $expiry - $date
                            $statistic = $remaining.Days
                        }
                        # Discard implausible values (no usable certificate was read)
                        If($statistic -lt -2000)
                        {
                            Clear-Variable statistic
                        }
                    }

                    If($statistic -ne $null)
                    {
                        $FormattedExpiry = $expiry.ToString("dd/MM/yyyy")
                        $Message = "Certificate $CN will expire on $FormattedExpiry, $statistic days left"
                        Write-Host "Statistic: $statistic"
                        Write-Host "Message: $Message"
                        Exit 0;
                    }

                    # Fallback: read the node's LocalMachine\MY store directly
                    Function Get-Direct
                    {
                        If($statistic -eq $null)
                        {
                            # Write-Host "Trying direct cert store script" -ForegroundColor Yellow
                            $server = $URL.Replace('https://','')
                            $objStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$server\MY","LocalMachine")
                            $objStore.Open("ReadOnly")
                            # Earliest-expiring certificate only. Select-Object -First 1 returns a single
                            # object, so Subject and NotAfter are scalars even if the store holds one cert.
                            $Cert = $objStore.Certificates | Sort-Object NotAfter | Select-Object -First 1
                            If($Cert)
                            {
                                $CN = $Cert.Subject
                                $expiry = $Cert.NotAfter
                                $remaining = $expiry - $date
                                $statistic = $remaining.Days
                            }
                            $objStore.Close()
                            If($statistic -lt -2000)
                            {
                                Clear-Variable statistic
                            }

                            If($statistic -eq $null)
                            {
                                Write-Host "Statistic.ExitCode: 1"
                                Exit 1;
                            }
                            Else
                            {
                                $FormattedExpiry = $expiry.ToString("dd/MM/yyyy")
                                $Message = "Certificate $CN will expire on $FormattedExpiry, $statistic days left"
                                Write-Host "Statistic: $statistic"
                                Write-Host "Message: $Message"
                                Exit 0;
                            }
                        }
                    }

                    If($statistic -eq $null)
                    {
                        Get-Direct
                    }

                    2 of 2 people found this helpful
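
A variant of the script above, added here as an example and not part of the original post: it reads the certificate directly from the TLS handshake with `SslStream`, so it works on any port, does not need an HTTP response, and also reports the Subject Alternative Names. The function name `Get-TlsCertInfo`, the port value and the message layout are assumptions; `${IP}` is the same macro the post uses.

```powershell
# Added example, not from the thread. Get-TlsCertInfo and its parameters are hypothetical names.
function Get-TlsCertInfo {
    param([string]$HostName, [int]$Port = 443, [int]$TimeoutMs = 5000)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so an unreachable host cannot hang the poller.
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw "Connect to ${HostName}:$Port timed out"
        }
        # Accept any chain: the monitor must still be able to read expired or
        # untrusted certificates. No application data is sent on this stream.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # The name passed here is also sent as SNI. With a bare IP address no SNI
        # is sent and the server answers with its default certificate.
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Dispose()
    }
    finally { $client.Close() }

    # Subject Alternative Name extension (OID 2.5.29.17), if present.
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san = if ($sanExt) { $sanExt.Format($false) } else { '(none)' }

    [pscustomobject]@{
        Subject  = $cert.Subject
        San      = $san
        NotAfter = $cert.NotAfter
        # Floor, so a certificate that expired a few hours ago reports -1, not 0.
        DaysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    }
}

try {
    $info = Get-TlsCertInfo -HostName '${IP}' -Port 443   # port is an assumption
    Write-Host "Statistic: $($info.DaysLeft)"
    Write-Host ("Message: {0} | SAN: {1} | expires {2:yyyy-MM-dd}" -f $info.Subject, $info.San, $info.NotAfter)
    exit 0
}
catch {
    Write-Host "Message: could not read certificate: $($_.Exception.Message)"
    exit 1
}
```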
                  • Re: SSL Certificate Expiration Date Monitor
                    jameslindsay

                    @Steven Carlson, I hope you didn't mind that I unmarked your answer as correct, as it did not address the actual question. While it is helpful to know that the component provides more detailed information, it does not provide the information I am looking for. Again, thank you for your detailed response. I am sure it will be helpful to others.

                      • Re: SSL Certificate Expiration Date Monitor
                        shuth

                        All good! I mentioned that particular monitor doesn't seem to collect the information about the certificate itself and I read the initial post as you were also looking for the information I talked about. If that's not what you're after then my response isn't correct.

                         

                        It looks like AppInsight for IIS might give you the information you're after but that's a lot of polling just for the SSL Certificate. I'm not on a system at the moment with it running but the demo site shows some examples. If you need more details than that, you'll probably be better off with the custom PowerShell method.

                        https://oriondemo.solarwinds.com/Orion/APM/IisBlackBox/IisSiteDetails.aspx?NetObject=ABIS:309

                          • Re: SSL Certificate Expiration Date Monitor
                            jameslindsay

                            Thanks again @Steven Carlson. Semantics I suppose. I use a combination of different techniques as I find that not any one works in all situations. I use IIS where IIS is running, I use the OOB Component monitor where it works, and I use custom PowerShell for the balance where there is no IIS and the OOB just doesn't seem to work. In some of these cases, the cert is not bound to port 443. The OOB component is about 50% of my servers (~50) and in many of these cases the custom PowerShell doesn't run. However, I was able to produce a report using some custom SWQL, so I'll try to adapt that as christopher.t.jones123 suggested; though I still don't find the CN, it at least indicates the type. I'm not really a fan of that though, as I have found that it can A) create strain on the database and B) sometimes not return a result even though there should be one. I'm not sure if that's a timing issue between the alert actions coupled with a slow response from the Db. In these cases it returns the query language, which can be upsetting to the staff that deal with the emails/incident tickets I open. I just feel like the Component should return the CN/Subject and/or Subject Alternative Name without a lot of fuss.

                             

                            This is my Daily Report SWQL

                            SELECT E0.[DisplayName], E0.[Application].[Node].[Caption], E0.[ComponentAlert].[StatisticData], E0.[MultipleStatisticData].[StringData]
                            FROM Orion.APM.Component AS E0
                            WHERE ( E0.[Application].[ApplicationAlert].[ApplicationName] = 'SSL Certificate Is Expiring 443'
                                    AND E0.[ComponentAlert].[ComponentName] = 'SSL 443 Certificate Expiration Date Monitor' )
                               OR ( ( E0.[Application].[ApplicationAlert].[ApplicationName] = 'SSL Certificate Monitor PSv2' )
                                    AND ( ( E0.[ComponentAlert].[ComponentName] = 'Root Certificate' )
                                       OR ( E0.[ComponentAlert].[ComponentName] = 'AuthRoot Certificate' )
                                       OR ( E0.[ComponentAlert].[ComponentName] = 'CA Certificate' )
                                       OR ( E0.[ComponentAlert].[ComponentName] = 'Personal ("My") Certificate' ) ) )
                               OR ( ( E0.[Application].[ApplicationAlert].[ApplicationName] = 'SSL Certificate Is Expiring 20001' )
                                    AND ( ( E0.[ComponentAlert].[ComponentName] = 'SSL 20001 Certificate Expiration Date Monitor' ) ) )