We have created a script with which you can monitor the runtime of individual certificates via Thumbprint.
Currently only the host can be specified via KS Hostmon.
Maybe this is helpful for one or the other.
Powershell Code:
Code: Select all
$statusAlive = "ScriptRes:Host is alive:"
$statusDead = "ScriptRes:No answer:"
$statusUnknown = "ScriptRes:Unknown:"
$statusNotResolved = "ScriptRes:Unknown host:"
$statusOk = "ScriptRes:Ok:"
$statusBad = "ScriptRes:Bad:"
$statusBadContents = "ScriptRes:Bad contents:"
if (!$args[0]) {
echo $statusUnknown"Computername not specified"
exit
}
if (!$args[1]) {
echo $statusUnknown"Certificate Thumbprint not specified"
exit
}
if (!$args[2]) {
echo $statusUnknown"Warningvalue not specified"
exit
}
$computername = $args[0]
$thumbprint = $args[1]
$warningvalue = $args[2]
$lifetime = invoke-command -computername $computername -scriptblock {ls $args[0]} -ArgumentList cert:\localmachine\my\$thumbprint
$lifetime = ($lifetime.notafter - (get-date)).days
if ($lifetime -gt $warningvalue) {
echo $statusOk"Certificate lifetime is "$lifetime" days"
}
elseif($lifetime -le $warningvalue){
echo $statusBad"Certificate lifetime is "$lifetime" days"
}
else {
echo $statusUnknown"StatusUnknown"
exit
}
Params: SERVER THUMBPRINT DAYS (Warningvalue)
Have a nice day!