DX Unified Infrastructure Management


 Probe to monitor a Server- client authentication certificate

Abhimanue Bhaskaran posted Jan 28, 2023 12:17 PM
Hello,

We have a need to monitor a server/client authentication certificate which does not have a URL and cannot be monitored by url_response.

Is there a probe which we can use to monitor such a certificate?

Thanks
AB
Luc Christiaens
How do you verify this certificate for the moment?
If there is a command line (openssl?) to verify this, you can do the verification via the logmon probe.
Abhimanue Bhaskaran
Hello,

This was a new monitoring request from the users. We do not have any monitoring in place for Server certificates.

I found that there is a script for logmon on Linux; I was wondering if there was one for Windows machines? Maybe a PowerShell script which everyone uses?

link to Linux .sh script: https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=764981

Thanks,
AB
Luc Christiaens
You can launch your PowerShell via the logmon command as: powershell -command "your command or script" and add watchers to create dynamic alarms.
Or you can use a direct command, like: "openssl x509 -enddate -noout -in c:\temp\server-cert.pem"
This will return: notAfter=Feb 2 06:52:18 2024 GMT
Thomas Linder
Hi.

We're using the attached script wrapped around logmon rules to identify certificates that are about to expire.
It allows for Warning and Critical thresholds and lists all certificates (one per line) except those outside of -IgnoreDaysPast (default -15) and -IgnoreDaysFuture (default 1500). Indication is via an OK, WARNING or CRITICAL string; fingerprint, days and CN, OU, ... are included to be used in variables.

Logmon setup is a bit complex, see screenshots below for examples. I had to set up alerts via the Advanced tab to get consistent alerts/clears. Can't remember why, unfortunately.
The suppression key uses the fingerprint from the reported entry.

Basic syntax for execution from cmd / logmon: powershell.exe Check-Cert.ps1 -CertStore <Cert Store Path> -WarningDays <Warning Days> -CriticalDays <Critical Days>


Maybe this helps.

Regards,
Thomas.
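For readers who do not have the attachment, here is an added example (written for this page, not Thomas's attached Check-Cert.ps1) that produces the same kind of one-line-per-certificate output a logmon watcher can match on: a state string, the thumbprint, days until expiry and the subject. The parameter names mirror the ones described above; the defaults for -WarningDays and -CriticalDays are my own assumptions, and the file name Check-Cert-Example.ps1 is hypothetical.

```powershell
# Check-Cert-Example.ps1 (hypothetical name; not the script attached to the thread).
# Enumerates a Windows certificate store and prints one line per certificate:
#   <OK|WARNING|CRITICAL> <thumbprint> <days-left> <subject>
# Certificates expired longer ago than -IgnoreDaysPast, or expiring further out
# than -IgnoreDaysFuture, are skipped, as in the options described in the post.
param(
    [string]$CertStore       = 'Cert:\LocalMachine\My',
    [int]$WarningDays        = 30,    # assumed default
    [int]$CriticalDays       = 7,     # assumed default
    [int]$IgnoreDaysPast     = -15,   # default named in the post
    [int]$IgnoreDaysFuture   = 1500   # default named in the post
)

$now = Get-Date

Get-ChildItem -Path $CertStore |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        # Whole days until NotAfter; negative once the certificate has expired.
        $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

        # Drop entries outside the reporting window so stale or far-future
        # certificates do not generate noise.
        if ($daysLeft -lt $IgnoreDaysPast -or $daysLeft -gt $IgnoreDaysFuture) { return }

        # Worst applicable state wins: CRITICAL overrides WARNING overrides OK.
        $state = 'OK'
        if ($daysLeft -le $WarningDays)  { $state = 'WARNING' }
        if ($daysLeft -le $CriticalDays) { $state = 'CRITICAL' }

        # Keep the fields space-separated and fixed in order so logmon watchers
        # can pick the state, fingerprint and days into variables; the
        # thumbprint is a stable per-certificate suppression key.
        '{0} {1} {2} {3}' -f $state, $_.Thumbprint, $daysLeft, $_.Subject
    }
```

Run it from the logmon command field in the same shape as the syntax above, for example: powershell.exe -File Check-Cert-Example.ps1 -CertStore Cert:\LocalMachine\My -WarningDays 30 -CriticalDays 7, then add watchers for the WARNING and CRITICAL strings.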