We monitor a number of our certificates for expiry purposes and this works fine.
What we are trying to do now is monitor ADFS Token Signing certificates, as these auto renew but some of our Relying Party Trusts do not accept auto update and we need to advise them that the certificate is about to change.
Is there a way to do this?
ADFS token certificate expiration monitoring
You may use the "Shell Script" test method with a custom PowerShell script:
Start cmd: powershell.exe %script% %params%
The script retrieves the active ADFS Token Signing certificate and returns the number of days left until certificate expiration.
Code:
# Result prefixes expected by the HostMonitor "Shell Script" test method
$statusUnknown = "ScriptRes:Unknown:"
$statusOk = "ScriptRes:Ok:"
$statusBad = "ScriptRes:Bad:"
# The first argument is the alert threshold in days
if (!$args[0]) {
    echo "${statusUnknown}Certificate expiration threshold is required."
    exit
}
$CertLimit = $args[0]
# Days left until the primary (active) Token-Signing certificate expires
$CertExp = (New-TimeSpan -Start (Get-Date) -End (Get-ADFSCertificate -CertificateType "Token-Signing" | Where-Object {$_.IsPrimary}).Certificate.NotAfter).Days
if ($CertExp -le $CertLimit) { echo "$statusBad$CertExp" }
else { echo "$statusOk$CertExp" }
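An added example, not part of the original thread: a variant of the script above that accounts for automatic rollover, which is the case the question is about. It goes beyond the posted script by also reading `Get-AdfsProperties` and checking for a secondary Token-Signing certificate, and it reports the days until a new signing certificate is expected to appear rather than the days until the primary expires. The variable names and the choice to report 0 once a secondary certificate exists are assumptions of this example.

```powershell
# Added example. Start cmd as above: powershell.exe %script% <warnDays>
$statusUnknown = "ScriptRes:Unknown:"
$statusOk      = "ScriptRes:Ok:"
$statusBad     = "ScriptRes:Bad:"

# Validate the threshold argument (days of advance warning wanted).
$warnDays = 0
if ($args.Count -lt 1 -or -not [int]::TryParse([string]$args[0], [ref]$warnDays)) {
    Write-Output "${statusUnknown}Numeric warning threshold (days) is required."
    exit
}

try {
    $props = Get-AdfsProperties -ErrorAction Stop
    $certs = @(Get-AdfsCertificate -CertificateType "Token-Signing" -ErrorAction Stop)
} catch {
    Write-Output "${statusUnknown}Cannot query AD FS: $($_.Exception.Message)"
    exit
}

$primary   = $certs | Where-Object { $_.IsPrimary } | Select-Object -First 1
$secondary = $certs | Where-Object { -not $_.IsPrimary } | Select-Object -First 1
if (-not $primary) {
    Write-Output "${statusUnknown}No primary Token-Signing certificate found."
    exit
}

$daysToExpiry = [int][math]::Floor(($primary.Certificate.NotAfter - (Get-Date)).TotalDays)

if ($secondary) {
    # A secondary certificate is already published: the signing certificate
    # is about to change, so relying parties need the new one now.
    $daysToChange = 0
} elseif ($props.AutoCertificateRollover) {
    # With rollover enabled, AD FS generates the replacement
    # CertificateGenerationThreshold days before the primary expires.
    $daysToChange = $daysToExpiry - $props.CertificateGenerationThreshold
} else {
    # Manual management: nothing changes until someone replaces the certificate.
    $daysToChange = $daysToExpiry
}

if ($daysToChange -le $warnDays) { Write-Output "$statusBad$daysToChange" }
else { Write-Output "$statusOk$daysToChange" }
```

The script must run on a server where the AD FS PowerShell module is available, under an account allowed to read the AD FS configuration.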