Hi guys,

I am running the below PowerShell script to pull the number of days before our CA certs expire.

$threshold = 9999  # Number of days to look for expiring certificates
$deadline = (Get-Date).AddDays($threshold)  # Set deadline date
[string]$ServerName = "test-server"  # Leave this blank when utilizing this in PRTG
Invoke-Command -ComputerName $ServerName { Dir Cert:\LocalMachine\My } | foreach {
    If ($_.NotAfter -le $deadline) {
        $_ | Format-List Issuer, @{Label="Expires In (Days)";Expression={($_.NotAfter - (Get-Date)).Days}}
    }
    elseif ($_.NotAfter -ge $deadline) {
        Write-host $deadline ":All Certificates are NOT expiring within $threshold days."
    }
}




The expected output looks like this:

Issuer            : CN=test-serverCACERT
Expires In (Days) : 43

Issuer            : CN=test.serverCACERT
Expires In (Days) : 43

Currently, PRTG is only executing the script and not displaying any of the outputs. Am I able to format the output so that PRTG will create channels based on the issuer, and a value based on the Expires In (Days)?


Article Comments

Dear TSchroeder

To output just one channel, you can use the Custom Exe/Script standard sensor and use the output format

value:message

like

write-host $resultvalue":"$sensormessage

(Of course, this implies having those variables with the corresponding content.)

To return multiple channels, the Exe/Script Advanced sensor is required. That sensor expects XML conforming to the Custom Script Advanced API. The API documentation is integrated in the PRTG web interface, menu Setup | PRTG API, tab "Custom Sensors".


Aug, 2016 - Permalink
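
The multi-channel output described in the reply above, as an added example that is not part of the thread and not Paessler's code: one channel per certificate, with the issuer XML-escaped and a query failure reported as a sensor error. The function name ConvertTo-PrtgCertXml, the 30/7-day limits and the sample certificates are assumptions made for illustration; check the element names against the Custom Sensors API documentation in your own PRTG installation.

```powershell
# Added example, not from the thread: output for the Exe/Script Advanced sensor.
param([string]$ServerName)   # empty: use the constructed sample data below

function ConvertTo-PrtgCertXml {
    param([object[]]$Certs, [int]$WarnDays = 30, [int]$ErrorDays = 7)
    if (-not $Certs) {
        # Fail visibly instead of reporting "OK" when nothing was read.
        return '<prtg><error>1</error><text>No certificates returned</text></prtg>'
    }
    $now   = Get-Date
    $lines = @('<prtg>')
    foreach ($c in $Certs) {
        # Issuer is data read from the certificate, so XML-escape it. The thumbprint
        # prefix keeps channel names unique when one issuer signed several certs.
        $name = '{0} [{1}]' -f $c.Issuer, $c.Thumbprint.Substring(0, 8)
        $name = [System.Security.SecurityElement]::Escape($name)
        $days = ($c.NotAfter - $now).Days
        $lines += '  <result>'
        $lines += "    <channel>$name</channel>"
        $lines += "    <value>$days</value>"
        $lines += '    <Unit>Custom</Unit><CustomUnit>days</CustomUnit>'
        $lines += "    <LimitMode>1</LimitMode><LimitMinWarning>$WarnDays</LimitMinWarning>"
        $lines += "    <LimitMinError>$ErrorDays</LimitMinError>"
        $lines += '  </result>'
    }
    $lines += '</prtg>'
    $lines -join "`n"
}

if ($ServerName) {
    try {
        $certs = Invoke-Command -ComputerName $ServerName -ErrorAction Stop -ScriptBlock {
            Get-ChildItem Cert:\LocalMachine\My | Select-Object Issuer, Thumbprint, NotAfter
        }
    } catch {
        # For example an access-denied failure: put the reason in the sensor message.
        $msg = [System.Security.SecurityElement]::Escape($_.Exception.Message)
        Write-Output "<prtg><error>1</error><text>$msg</text></prtg>"
        return
    }
} else {
    # Constructed sample certificates (made-up thumbprints) for an offline run.
    $certs = @(
        [pscustomobject]@{ Issuer = 'CN=test-serverCACERT'; Thumbprint = 'A1B2C3D4E5F60718293A4B5C6D7E8F9001122334'; NotAfter = (Get-Date).AddDays(43) }
        [pscustomobject]@{ Issuer = 'CN=R&D Issuing CA';    Thumbprint = '0F1E2D3C4B5A69788796A5B4C3D2E1F0FFEEDDCC'; NotAfter = (Get-Date).AddDays(400) }
    )
}
Write-Output (ConvertTo-PrtgCertXml -Certs $certs)
```

Run without arguments, it prints the XML for the two constructed certificates, so the format can be checked before the sensor is pointed at a real server.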

Thank you! I will give this a go.


Aug, 2016 - Permalink

Currently we are now getting "unauthorized access." Any thoughts?

I am able to run the script manually with the desired credentials on the Probe, and it runs flawlessly.


Aug, 2016 - Permalink

This is the script in a more refined form.

Param(
    [string]$ServerName
)

$threshold = 30  # Number of days to look for expiring certificates

# Track the smallest number of days remaining across all certificates,
# so a long-lived certificate listed last cannot mask an expiring one.
$Day = $null
Invoke-Command -ComputerName $ServerName { Dir Cert:\LocalMachine\My } | foreach {
    $remaining = ($_.NotAfter - (Get-Date)).Days
    If ($null -eq $Day -or $remaining -lt $Day) { $Day = $remaining }
}

If ($Day -le $threshold)
{
    $Resultvalue = "1"
    $sensormessage = "The CA Certificates are about to expire in $Day days!"
}
else
{
    $Resultvalue = "0"
    $sensormessage = "All certificates are valid beyond $threshold days!"
}

write-host $resultvalue":"$sensormessage

Aug, 2016 - Permalink

Dear TSchroeder

By default, the script is started by the Probe service, which in turn runs with the local system account. Since the Probe is a 32-bit service, it also starts the 32-bit PowerShell.

Please check the security context setting of the Exe/Script sensor and make sure it is set to use the Windows credentials of the parent device. Please also check those device credentials.


Aug, 2016 - Permalink