Highlighted
Anonymous_User Absent Member.
Absent Member.
719 views

Monitoring PKI Certs on Domain Controllers


Greetings All,
We have a requirement to monitor the PKI Certs on our Domain Controllers
looking for those that are getting ready to expire. Ideally we would
like to receive an AppManager alert stating that a PKI Cert is about to
expire in two weeks. At a minimum we would like to recieve an
AppManager alert when a logon fails due to an expired certificate. What
would be the best way to do this if it can be done at all? Many thanks
in advance for any help.

v/r
Chris


--
abel5405
------------------------------------------------------------------------
abel5405's Profile: https://forums.netiq.com/member.php?userid=5035
View this thread: https://forums.netiq.com/showthread.php?t=51882

0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Monitoring PKI Certs on Domain Controllers


Hi Chris

Having done a little research, it seems the simplest way to achieve this
may be to use the Run PowerShell Command Knowledge Script to run this
statement: *_G_e_t-ChildItem_-Path_cert:_-Recurse_-ExpiringInDays_n_*
where n is the number days within which the certificate will expire.
This command requires PowerShell 3.0. While it is also possible to get
the information in version 2, it appears to be somewhat more involved.
http://tinyurl.com/qh8j8ln

Hope this helps.


--
Alain Salesse | Senior Technology Consultant | Alain.Salesse@NetIQ.com
------------------------------------------------------------------------
SalesseA's Profile: https://forums.netiq.com/member.php?userid=3958
View this thread: https://forums.netiq.com/showthread.php?t=51882

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Monitoring PKI Certs on Domain Controllers


SalesseA;249552 Wrote:
> Hi Chris
>
> Having done a little research, it seems the simplest way to achieve this
> may be to use the Run PowerShell Command Knowledge Script to run this
> statement: *_G_e_t-ChildItem_-Path_cert:_-Recurse_-ExpiringInDays_n_*
> where n is the number days within which the certificate will expire.
> This command requires PowerShell 3.0. While it is also possible to get
> the information in version 2, it appears to be somewhat more involved.
> http://tinyurl.com/qh8j8ln
>
> Hope this helps.


Many thanks Salesse for your reply and information. I will deffinetly
give this a shot and see if we can make it work in our environment.
Many thanks again.


--
abel5405
------------------------------------------------------------------------
abel5405's Profile: https://forums.netiq.com/member.php?userid=5035
View this thread: https://forums.netiq.com/showthread.php?t=51882

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.