
Intro:

This management pack can be used to check the expiry date of all or specific certificates in the certificate stores of a client or server.

It uses the event log on the local client to alert the OpsMgr unit monitor.

It is supposed to check once every day and raise a warning in OpsMgr if any certificates are close to their expiry date.

This is the very first version. It has been tested in my test environments, and will soon be tested in production.

Please do not hesitate to report any bugs, and please send any suggestions you might have for the next version.

This was developed with the help of Kåre Rude Andersen and NetOp Solutions A/S

Have a great summer!

Install:

1. Import the Management Pack into OpsMgr.

2. Place the program file (.exe) in a shared directory.
   All clients must have access to this file via the OpsMgr Rule Account.
   Save the UNC path for later use in the configuration.

3. Open the Properties window for the rule called “Certificates: Run Script”.

4. Click “Edit” in the “Configuration” pane by the Responses box.
   Read the configuration details below.

5. Both the monitor and the rule are disabled by default. Use the override function to enable them on specific computers, or just enable them on all.

6. The system is now ready!

Configuration:

The configuration can be found in the Rule Details; see the installation steps above.

arrStore = Array("my","root")
List of folders to check in each store location.
Valid entries: "my", "root", "addressbook", "authroot", "certauth", "disallowed", "trustedpeople", "trustedpublisher".
Example: Array("my","root")

arrStoreLoc = Array("CurrentUser","LocalMachine")
List of certificate locations to check.
Valid entries: "CurrentUser", "LocalMachine".
Example: Array("CurrentUser","LocalMachine")

arrSubjects = Array("")
List of subjects to search for.
Example: Array("coretech","microsoft")

strDaysToexpire = 1000
Limit in days before the system should create an alert.

strEventIDGood = 500
Event ID for the healthy event.

strEventIDBad = 510
Event ID for the unhealthy event.

strEventIDInfo = 520
Event ID for info about the copy of the program file.

strSourcePath = "\\CTJGS\C$\CheckCertificateExpires.exe"
The UNC path to the file; all monitored clients must have access to this folder.

strTargetPath = objShell.ExpandEnvironmentStrings("%TEMP%") & "\CheckCertificateExpires.exe"
Target path where the script should place the file on the local PC.
Default is the %TEMP% folder.
Usually there is no need to edit this parameter.
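
The settings above correspond to a store name, a store location, a subject filter and a day limit, which is also how the .NET X509Store API addresses certificates. As an added illustration (not the management pack's code, and not necessarily how CheckCertificateExpires.exe works internally), this PowerShell function performs the same kind of check; the function and parameter names are hypothetical, and store names are Windows system store names such as My and Root.

```powershell
# Added example, not the management pack's code. Function and parameter names are
# hypothetical; they mirror arrStore, arrStoreLoc, arrSubjects and strDaysToexpire.
function Get-ExpiringCertificate {
    param(
        [string[]]$StoreName     = @('My', 'Root'),
        [string[]]$StoreLocation = @('CurrentUser', 'LocalMachine'),
        [string[]]$Subject       = @(''),   # '' matches every subject
        [int]$DaysToExpire       = 90
    )
    $now   = Get-Date
    $limit = $now.AddDays($DaysToExpire)
    foreach ($loc in $StoreLocation) {
        $location = [System.Security.Cryptography.X509Certificates.StoreLocation]$loc
        foreach ($name in $StoreName) {
            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($name, $location)
            try {
                # OpenExistingOnly: a mistyped store name fails instead of creating an empty store
                $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly')
            } catch {
                Write-Warning "Cannot open ${loc}\${name}: $_"
                continue
            }
            try {
                foreach ($cert in $store.Certificates) {
                    if ($cert.NotAfter -gt $limit) { continue }   # still valid beyond the limit
                    foreach ($s in $Subject) {
                        # Case-insensitive substring match; IndexOf('') is 0, so '' matches all
                        if ($cert.Subject.IndexOf($s, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                            [pscustomobject]@{
                                Location   = $loc
                                Store      = $name
                                Subject    = $cert.Subject
                                Thumbprint = $cert.Thumbprint
                                NotAfter   = $cert.NotAfter
                                # Negative for certificates that have already expired
                                DaysLeft   = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
                            }
                            break   # report each certificate once, even if several subjects match
                        }
                    }
                }
            } finally {
                $store.Close()
            }
        }
    }
}

Get-ExpiringCertificate -StoreName My -StoreLocation LocalMachine -DaysToExpire 90 |
    Sort-Object NotAfter | Format-Table -AutoSize
```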

Script:

' //***************************************************************************
' // ***** Script Header *****
' //
' // Solution:  Ops Mgr
' // File:      CheckCertificatesExpirery.vbs
' // Author:	Jakob Gottlieb Svendsen, Coretech A/S. https://blog.ctglobalservices.com
' //
' // CORETECH A/S History:
' // 0.0.1     JGS 29/06/2008  Created initial version.
' //
' // Customer History:
' //
' // ***** End Header *****
' //***************************************************************************
'//----------------------------------------------------------------------------
'//
'//  Global constant and variable declarations
'//
'//----------------------------------------------------------------------------
Set objShell=CreateObject("WScript.Shell")
Set objFSO=CreateObject("Scripting.FileSystemObject")
Set oAPI = CreateObject("MOM.ScriptAPI")
'//----------------------------------------------------------------------------
'//
'//  Configuration
'//
'//----------------------------------------------------------------------------
'Store Names: "my", "root", "addressbook","authroot","certauth","disallowed","trustedpeople","trustedpublisher" . ex. Array("my","root")
arrStore = Array("my")
'Store Locations: Valid Entries are "CurrentUser","LocalMachine". ex. Array("CurrentUser","LocalMachine")
arrStoreLoc = Array("CurrentUser")
'Search Subject String. ex. Array("coretech","microsoft")
arrSubjects = Array("")
'Expire Day Limit
strDaysToexpire = 90
'Healthy EventID
strEventIDGood = 500
'Unhealthy EventID
strEventIDBad = 510
strEventIDInfo = 520
'The UNC Path to the file, all monitored clients must have access to this folder.
strSourcePath = "\\CHI-RMS\Cert\CheckCertificateExpires.exe"
'Target path , where the script should place the file on local PC.
strTargetPath = objShell.ExpandEnvironmentStrings("%TEMP%") & "\CheckCertificateExpires.exe"

'//----------------------------------------------------------------------------
'//  Main routines
'//----------------------------------------------------------------------------

Do
	If objFSO.FileExists(strTargetPath) Then
		If objFSO.GetFileVersion(strTargetPath) = objFSO.GetFileVersion(strSourcePath) Then
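			strText = ""
			strCount = 0
			'Reset the retry flag here so the outer loop also ends when a configuration array is empty
			bRetry = False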
			For Each storeloc In arrStoreLoc
				For Each store In arrStore
					For Each subject In arrSubjects
						'Quote the executable path so a %TEMP% path containing spaces still works
						strCommand = """" & strTargetPath & """ """ & strDaysToExpire & """ """ & subject & """ """ & store & """ """ & storeloc & """"
						'WScript.Echo strCommand 'just for debugging
						Set returnCmd = objShell.Exec(strCommand)
						'Loop while process is running
						Do
							WScript.Sleep 10
							Do Until returncmd.StdOut.AtEndOfStream
								strText = strText & returncmd.StdOut.ReadLine() & vbCrLf
							Loop
						Loop Until returncmd.Status <> 0 And returncmd.StdOut.AtEndOfStream
						If returncmd.ExitCode <> 0 Then
							strCount = strCount + returncmd.ExitCode
						End If

						bRetry = False
						'Clear object before next
						Set returnCmd = Nothing
					Next
				Next
			Next
		Else
			Call oAPI.LogScriptEvent(WScript.ScriptName, strEventIDInfo, 0, "CheckCertificateExpires.exe Not the correct version, Copying file and retrying..")
			'Copy file
			Call objFSO.CopyFile(strSourcePath, strTargetPath)
			'WScript.Echo "Cannot find exe file"
			bRetry = True
		End If
	Else
		Call oAPI.LogScriptEvent(WScript.ScriptName, strEventIDInfo, 0, "CheckCertificateExpires.exe Not Found, Copying file and retrying..")
		'Copy file
		Call objFSO.CopyFile(strSourcePath, strTargetPath)
		'WScript.Echo "Cannot find exe file"
		bRetry = True
	End If
Loop While bRetry = True

'Put In logo and cleanup output text from exe
strText = Replace(strText,"CheckCertificates Utility Developed by Coretech A/S. https://blog.ctglobalservices.com","")
strText = strText & vbCrLf & "CheckCertificates Management Pack Developed by Coretech A/S. https://blog.ctglobalservices.com"

If strCount > 0 Then
	Call oAPI.LogScriptEvent(WScript.ScriptName, strEventIDBad, 2, "Some Certificates are expiring soon, the different lists from each location, is shown below." & vbCrLf & strText)
Else
	Call oAPI.LogScriptEvent(WScript.ScriptName, strEventIdGood, 4, "All Certificates are valid within the specified timespan.")
End If
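
The script above decides whether to re-copy the executable by comparing file versions only, and then runs the local copy under the rule's account. As an added example (not part of the original management pack), this PowerShell function checks the content of the local copy against a SHA-256 value recorded when the file was published, and optionally its Authenticode signature, before it is run; the function name is hypothetical and the expected hash is a placeholder.

```powershell
# Added example, not part of the management pack. The function name is hypothetical
# and the pinned hash below is a placeholder to be replaced with the real value.
function Test-ToolIntegrity {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ExpectedSha256,
        [switch]$RequireValidSignature
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }

    # Get-FileHash returns upper-case hex; -ne compares strings case-insensitively
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {
        Write-Warning "Hash mismatch for ${Path}: got $actual"
        return $false
    }

    if ($RequireValidSignature) {
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.Status -ne 'Valid') {
            Write-Warning "Signature status for ${Path} is $($sig.Status)"
            return $false
        }
    }
    return $true
}

$target = Join-Path $env:TEMP 'CheckCertificateExpires.exe'
$pinned = '<SHA-256 of the published CheckCertificateExpires.exe>'   # placeholder

if (Test-ToolIntegrity -Path $target -ExpectedSha256 $pinned) {
    # Argument order as built by the script: days, subject, store, store location
    & $target 90 'coretech' 'my' 'LocalMachine'
    "Exit code: $LASTEXITCODE"   # the script raises the unhealthy event when this is above 0
} else {
    Write-Warning "Refusing to run $target"
}
```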

That should be it for now!

Please bring your feedback 🙂