check Windows certificates health


Current Version: 0.1
Last Release Date: 2013-05-04
Compatible With: Nagios 3.x
License: GPL
Hits: 24565
Files: lotp_check_certificates.ps1.txt

Checks the certificates installed in the Windows certificate stores, using PowerShell through NRPE / NSClient++:

-My store (machine)
-Root store
-CA store
-Auth store
-SharePoint store

You can specify the number of days before expiry, and the thresholds for warning / critical.

Certificates that Microsoft ships already expired in the stores of all Windows Server 2003 / 2008 / 2012 installations are known and ignored.

###############################################
Tested Setup:

Monitoring Box:
-Centos 6.4 x64
-Nagios 3.4.4
-check_nrpe 2.13
-Centreon 2.4.2
-nsclient++ 0.4.1 x64 & x86
-Windows Server 2003 / 2008 R2 / 2012
-tested on both Core & GUI Servers

###############################################
Scripts arguments
The script accepts eight arguments:
-checkMyStore (true by default)
-checkRootStore (true by default)
-checkCAStore (true by default)
-checkAuthRootStore (true by default)
-checkSharePointStore (true by default)
-expireInDays (60 by default)
-maxWarn (Warning if above)
-maxCrit (Critical if above)
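
The logic these arguments describe, as an added example (not the plugin's own code): it lists certificates in the LocalMachine stores that expire within -expireInDays and maps their count to a Nagios state. The -stores and -ignoreThumbprints parameters, the "strictly above" threshold comparison and the use of the full subject name in the output are assumptions made for this sketch.

```powershell
# Added illustration, not lotp_check_certificates.ps1 itself.
param(
    [int]$expireInDays = 60,
    [int]$maxWarn = 0,
    [int]$maxCrit = 0,
    # Hypothetical parameters: stores to scan and thumbprints to skip
    # (e.g. vendor-shipped certificates that are expected to be expired).
    [string[]]$stores = @('My', 'Root', 'CA', 'AuthRoot', 'SharePoint'),
    [string[]]$ignoreThumbprints = @()
)

$deadline  = (Get-Date).AddDays($expireInDays)
$invariant = [Globalization.CultureInfo]::InvariantCulture
$expiring  = @()

foreach ($name in $stores) {
    $path = "Cert:\LocalMachine\$name"
    # The SharePoint store only exists on SharePoint servers: skip missing stores.
    if (-not (Test-Path $path)) { continue }

    foreach ($cert in Get-ChildItem $path) {
        if ($ignoreThumbprints -contains $cert.Thumbprint) { continue }
        # NotAfter on or before the deadline covers both "already expired"
        # and "expires within the look-ahead window".
        if ($cert.NotAfter -le $deadline) {
            # Invariant culture keeps '/' literal regardless of server locale.
            $date = $cert.NotAfter.ToString('yyyy/MM/dd', $invariant)
            $expiring += '{0}:{1}' -f $cert.Subject, $date
        }
    }
}

# Thresholds are counts of expiring certificates, compared as "if above".
$count = $expiring.Count
if     ($count -gt $maxCrit) { $state = 'CRITICAL'; $code = 2 }
elseif ($count -gt $maxWarn) { $state = 'WARNING';  $code = 1 }
else                         { $state = 'OK';       $code = 0 }

if ($count -eq 0) {
    Write-Output ('OK: no certificate expires within {0} days' -f $expireInDays)
} else {
    Write-Output ('{0}: {1}' -f $state, ($expiring -join ', '))
}
exit $code   # Nagios plugin convention: 0 = OK, 1 = WARNING, 2 = CRITICAL
```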

###############################################
Local execution example:

PS C:\Program Files\NSClient++\scripts> . .\lotp_check_certificates.ps1 $true $true $true $true $true 60 0 0
CRITICAL: *.mydomain.net:2013/06/05
PS C:\Program Files\NSClient++\scripts>

NRPE execution:
[root~]# /usr/lib64/nagios/plugins/check_nrpe -H myserver -n -c check_certificate -a '$true' '$true' '$true' '$true' '$true' 60 0 0
CRITICAL: *.mydomain.net:2013/06/05
[root~]#

###############################################
Installation:
On Windows Servers:
-copy the script into the folder C:\Program Files\NSClient++\scripts
-allow unsigned local PowerShell scripts to run: Set-ExecutionPolicy RemoteSigned
-Add to nsclient.ini:
[/settings/external scripts/wrapped scripts]
check_certificate=lotp_check_certificates.ps1 $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$ $ARG6$ $ARG7$ $ARG8$

###############################################
Configuration:

For example, on Centreon:
-Add a new command:
$USER1$/check_nrpe -H $HOSTADDRESS$ -t 60 -n -c check_certificate -a $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$ $ARG6$ $ARG7$ $ARG8$

Then add the service check, filling in the ARGS (use $$true and $$false so that the $ is escaped correctly).
Reviews (1)
The -maxWarn & -maxCrit parameters aren't described well in my opinion. They are the number of certs that are expired or will expire. So -maxWarn 1 -maxCrit 2 will give you a warning if 1 cert will expire or a critical if 2 or more certs are expiring.

I'm more interested in setting the number of days ahead of expiration for my warning and critical alerts.