Test for Certification Authority Certificate Expiry

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
Post Reply
RogerSpraggon
Posts: 65
Joined: Mon Mar 19, 2012 11:51 pm

Test for Certification Authority Certificate Expiry

Post by RogerSpraggon »

We have an internal AD Certificate Authority server that issues certificates to AD users and computers and I'm trying to find a way to test when the Certification Authority Certificate expires
Top
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:
Contact KS-Soft

Post by KS-Soft »

Not sure..
What about Certificate Expiration test on port 636 (LDAP)?

If this will not work, try Shell Script test with powershell script like

Code: Select all

$statusUnknown = "ScriptRes:Unknown:"
$statusOk      = "ScriptRes:Ok:"
$statusBad     = "ScriptRes:Bad:"
try 
{
 Get-CA ca.company.com | Get-IssuedRequest -Property "CertificateTemplate" | %
 {
   $daysleft = ($_.NotAfter - (Get-Date)).days
   echo ScriptRes:Ok:$daysleft
 }
}
catch
{
  echo $statusUnknown + $_.Exception.GetType().FullName + ":" + $_.Exception.Message 
}
Script uses PKI module
https://github.com/PKISolutions/PSPKI

Regards
Alex
Top
RogerSpraggon
Posts: 65
Joined: Mon Mar 19, 2012 11:51 pm

Post by RogerSpraggon »

The port 636 LDAP didn't work.
Started playing with the script and having trouble restricting to just the Certification Authority Certificate
Top
Post Reply

Return to “Configuration, Maintenance, Troubleshooting”