Question

HTTP Certificate Expiry Date location

3 years ago
21 August 2020
2 replies
555 views

R

Userlevel 7

+18

RutJWhalen
Superhero (Partner)
345 replies

Does anybody know if the HTTP Certificate expiry date is held in a view/table?

The reason for asking is I wanted to set up in Application Monitoring a query to advise when the certificate is coming up for expiry, e.g. 30 days notice.

Recently, only by carrying out a delivery installation did we get notice that this was due to expire in 9 days. I don’t want it to be this close again. I have a notification in Outlook Calendar but just wondered.

Thank you for looking.

2 replies

Userlevel 7

+21

dsj
Superhero (Partner)
680 replies
3 years ago
24 August 2020

Hi @johnw66 ,

I’m not sure if the HTTP certification is stored in anywhere in the database but it is included in the Application Monitoring Metrics Command Line Interface.

CLI monitoring interface facilitates all metricises setup in as Application Monitoring queries as well as much more about IFS middleware including HTTP certificate expiration.

More details about CLI interface can be found in following section of the technical documentation.

Userlevel 7

+18

durette
Superhero (Customer)
488 replies
3 years ago
27 August 2020

Whenever we renew our cert, I set an Outlook reminder a month in advance of its expiration date.

I found a PowerShell solution to check this for a farm of servers. (I lightly modified it.)

https://stackoverflow.com/questions/39253055/powershell-script-to-get-certificate-expiry-for-a-website-remotely-for-multiple

$minimumCertAgeDays = 30
$timeoutMilliseconds = 10000
# $urls = get-content .\check-urls.txt
$urls = @()
$urls += 'https://docs.ifs.com/techdocs/'
$urls += 'https://www.ifs.com/us/'
$urls += 'https://community.ifs.com/'

#disabling the cert validation check. This is what makes this whole thing work with invalid certs...
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

ForEach ($url in $urls)
{
    Write-Host "Checking $url" -f Green
    $req = [Net.HttpWebRequest]::Create($url)
    $req.Timeout = $timeoutMilliseconds
    $req.AllowAutoRedirect = $false
    try {
        $req.GetResponse() | Out-Null
    } Catch {
        Write-Host "Exception While checking URL $url`: $_ " -f Red
    }
    $certExpiresOnString = $req.ServicePoint.Certificate.GetExpirationDateString()
    #Write-Host "Certificate expires on (string): $certExpiresOnString"
    [DateTime] $expiration = [System.DateTime]::Parse($req.ServicePoint.Certificate.GetExpirationDateString())
    #Write-Host "Certificate expires on (datetime): $expiration"
    [Int] $certExpiresIn = ($expiration - $(get-date)).Days
    $certName = $req.ServicePoint.Certificate.GetName()
    $certPublicKeyString = $req.ServicePoint.Certificate.GetPublicKeyString()
    $certSerialNumber = $req.ServicePoint.Certificate.GetSerialNumberString()
    $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString()
    $certEffectiveDate = $req.ServicePoint.Certificate.GetEffectiveDateString()
    $certIssuer = $req.ServicePoint.Certificate.GetIssuerName()
    If ($certExpiresIn -gt $minimumCertAgeDays)
    {
        Write-Host "Cert for site $url expires in $certExpiresIn days [on $expiration]" -f Green
    }
    Else
    {
        Write-Host "WARNING: Cert for site $url expires in $certExpiresIn days [on $expiration]" -f Red
        Write-Host "Threshold is $minimumCertAgeDays days. Check details:`nCert name: $certName" -f Red
        Write-Host "Cert public key: $certPublicKeyString" -f Red
        Write-Host "Cert serial number: $certSerialNumber`nCert thumbprint: $certThumbprint`nCert effective date: $certEffectiveDate`nCert issuer: $certIssuer" -f Red
    }
    Write-Host
    Remove-Variable req
    Remove-Variable expiration
    Remove-Variable certExpiresIn
}

Reply

Did you find what you're looking for? If not:

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded