Home

Results 1 to 3 of 3

Thread: Monitoring PKI Certs on Domain Controllers

  1. #1
    abel5405 NNTP User

    Monitoring PKI Certs on Domain Controllers


    Greetings All,
    We have a requirement to monitor the PKI Certs on our Domain Controllers
    looking for those that are getting ready to expire. Ideally we would
    like to receive an AppManager alert stating that a PKI Cert is about to
    expire in two weeks. At a minimum we would like to recieve an
    AppManager alert when a logon fails due to an expired certificate. What
    would be the best way to do this if it can be done at all? Many thanks
    in advance for any help.

    v/r
    Chris


    --
    abel5405
    ------------------------------------------------------------------------
    abel5405's Profile: https://forums.netiq.com/member.php?userid=5035
    View this thread: https://forums.netiq.com/showthread.php?t=51882


  2. #2
    SalesseA NNTP User

    Re: Monitoring PKI Certs on Domain Controllers


    Hi Chris

    Having done a little research, it seems the simplest way to achieve this
    may be to use the Run PowerShell Command Knowledge Script to run this
    statement: *_G_e_t-ChildItem_-Path_cert:_-Recurse_-ExpiringInDays_n_*
    where n is the number days within which the certificate will expire.
    This command requires PowerShell 3.0. While it is also possible to get
    the information in version 2, it appears to be somewhat more involved.
    http://tinyurl.com/qh8j8ln

    Hope this helps.


    --
    Alain Salesse | Senior Technology Consultant | Alain.Salesse@NetIQ.com
    ------------------------------------------------------------------------
    SalesseA's Profile: https://forums.netiq.com/member.php?userid=3958
    View this thread: https://forums.netiq.com/showthread.php?t=51882


  3. #3
    abel5405 NNTP User

    Re: Monitoring PKI Certs on Domain Controllers


    SalesseA;249552 Wrote:
    > Hi Chris
    >
    > Having done a little research, it seems the simplest way to achieve this
    > may be to use the Run PowerShell Command Knowledge Script to run this
    > statement: *_G_e_t-ChildItem_-Path_cert:_-Recurse_-ExpiringInDays_n_*
    > where n is the number days within which the certificate will expire.
    > This command requires PowerShell 3.0. While it is also possible to get
    > the information in version 2, it appears to be somewhat more involved.
    > http://tinyurl.com/qh8j8ln
    >
    > Hope this helps.


    Many thanks Salesse for your reply and information. I will deffinetly
    give this a shot and see if we can make it work in our environment.
    Many thanks again.


    --
    abel5405
    ------------------------------------------------------------------------
    abel5405's Profile: https://forums.netiq.com/member.php?userid=5035
    View this thread: https://forums.netiq.com/showthread.php?t=51882


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •