Hello, I created a PowerShell script to monitor an FTPS server SSL certificate. OpenSSL is installed on the probe server and running the script in PowerShell gives the correct output; however, PRTG always gets the code 2, which I use for "Check Failed". I'd be thankful if anyone can point out the issue here.

Script:

param ($server, $port)

$target = -join($server, ":", $port)

$check = (Write-Output "Q" | openssl s_client -connect $target -CAfile c:\cacert.pem -starttls ftp -verify_quiet | openssl x509 -enddate -noout -checkend 2592000)

$returncode = 2

if ($check -contains "Certificate will expire"){
    $returncode = 1
}

if ($check -contains "Certificate will not expire"){
    $returncode = 0
}

$returndescription = switch($returncode) {
    2 {"Check Failed"}
    1 {"Warning, will expire within 30 days or less"}
    0 {"Success, will not expire soon"}
}

"<prtg>"
   "<result>"
   "<channel>Code</channel>"
   "<value>$returncode</value>"
   "</result>"
   "<text>$returndescription</text>"
   "<text>$check</text>"
"</prtg>"

Powershell output:

PS C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML> ./ftpzertifikat.ps1 ftp.servername.de 21
220 SERVERNAME FTP Server
DONE
<prtg>
<result>
<channel>Code</channel>
<value>0</value>
</result>
<text>Success, will not expire soon</text>
<text>notAfter=Dec 30 23:59:59 2023 GMT Certificate will not expire</text>
</prtg>

Article Comments

Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.

Hi there,

Did you already check the debug files from PRTG when you enable Store Result in the sensor settings? I would assume that the following does not work properly:

$check = (Write-Output "Q" | openssl s_client -connect $target -CAfile c:\cacert.pem -starttls ftp -verify_quiet | openssl x509 -enddate -noout -checkend 2592000)

and therefore the returncode still is 2.


Kind regards

Felix Wiesneth - Team Tech Support


Jan, 2023 - Permalink

@Felix Wiesneth

Thanks, the logs showed that $check was empty. For some reason openssl was not found even though it is in the system variable $PATH; hardcoding the path to openssl.exe was the solution.

$check = (Write-Output "Q" | .'C:\Program Files (x86)\OpenSSL-Win32\bin\openssl' s_client -connect $target -CAfile c:\cacert.pem -starttls ftp -verify_quiet | .'C:\Program Files (x86)\OpenSSL-Win32\bin\openssl' x509 -enddate -noout -checkend 2592000)

Jan, 2023 - Permalink
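
The fix from the last reply, restated as an added example (not code from the thread or from Paessler): the sensor calls openssl by full path, checks that the file exists, and reports a PRTG error instead of silently falling through to code 2 when openssl gives no verdict. The -openssl parameter, its default path (taken from the reply, with .exe appended) and the Write-PrtgError helper are assumptions introduced here.

```powershell
param(
    [string]$server,
    [string]$port,
    # Assumed install location, based on the path in the reply above; adjust per probe.
    [string]$openssl = 'C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.exe'
)

# Hypothetical helper: emits PRTG's EXE/XML error form so the sensor shows the reason.
function Write-PrtgError([string]$message) {
    $safe = [System.Security.SecurityElement]::Escape($message)
    "<prtg><error>1</error><text>$safe</text></prtg>"
}

# The probe service may not resolve openssl the way an interactive shell does,
# so verify the binary explicitly instead of relying on PATH.
if (-not (Test-Path -LiteralPath $openssl -PathType Leaf)) {
    Write-PrtgError "openssl not found at $openssl"
    return
}

$target = "${server}:${port}"

# Same openssl invocation as the original script; stderr is discarded so only
# the x509 verdict lines are captured. @() keeps $check an array even when empty.
$check = @("Q" | & $openssl s_client -connect $target -CAfile c:\cacert.pem -starttls ftp -verify_quiet 2>$null |
    & $openssl x509 -enddate -noout -checkend 2592000 2>$null)

if ($check -contains "Certificate will not expire") {
    $code = 0; $text = "Success, will not expire soon"
} elseif ($check -contains "Certificate will expire") {
    $code = 1; $text = "Warning, will expire within 30 days or less"
} else {
    # Empty or unexpected output: connection failed or no certificate was received.
    Write-PrtgError "No certificate verdict from openssl for $target"
    return
}

# Escape openssl's output before embedding it in the XML, and emit a single <text>.
$detail = [System.Security.SecurityElement]::Escape(($check -join ' '))
@"
<prtg>
  <result>
    <channel>Code</channel>
    <value>$code</value>
  </result>
  <text>$text ($detail)</text>
</prtg>
"@
```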