How can we monitor the expiration time of computer certificates on windows machines? e.g. the computer certificate from a Domain Controller.
PTF.WinCertExpiration
This is possible with new Custom Sensor WinCertExpiration.
This sensor returns the number of days before your certificate expires and takes the following parameters:
-h= The hostname or ip-address the certificate is installed on.
-t= The thumbprint of the certificate to check.
-s= Optional the certificate store name (see below).
default=Root.")
-u= Optional Domain\Username of a user account allowed to check te certificate.
-p= Optional Password or passhash * of a user account allowed to check te certificate.(*) Use the PassHash Tool to generate a passhash from the usersaccounts password.
Note that the CurrentUser Store depends on the credentials used, using the -u= and -p= parameters.
| valid Certificate Store Names |
|---|
| AddressBook |
| AuthRoot |
| CertificateAuthority |
| Disallowed |
| My |
| Root |
| TrustedPeople |
| TrustedPublisher |
The sensor can be downloaded from http://prtgtoolsfamily.com/downloads/sensors (WinCertExpiration)
The WinCertExpiration provides a channel called value which contains the value in days, you can configure channel limits and threshold based notifications using that channel/value
Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
