Anybody using IEM/TEM to find Expired Certs?

TimRice 2014-04-08 17:53:19 UTC #1

(imported topic written by Tim.Rice)

I’ve been asked if IEM can track/find Security Certificates that are either expired or that are about to expire.

I would think it appropriate to simply locate all Certificates and associate their Expiration dates with them.

Microsoft TechNet has
an article
about how to “Use PowerShell to Find Certificates that are About to Expire”.

Has anyone done anything similar before?

jgstew 2014-04-09 17:58:19 UTC #2

(imported comment written by jgstew)

I’ve been wondering about the best way to get at the info in certs through relevance. I was trying to track down a WMI query that would do this. The info is in the registry, but it is not easy to decode.

I would prefer a way to query the info using relevance, but even if a task could be run to dump out the data periodically and then read the results in with an analysis, it would be something.

TimRice 2014-04-10 00:39:29 UTC #3

written by Tim.Rice

One of our guys here has written a PowerShell script that will identify any Certs that are going to expire within a given period of time, or that have already expired, the script then exports the Cert information to a text file. From IEM I should then be able to execute the PS script as a Task and identify if the file exists with data in it and return a TRUE value letting us know that someone needs to touch the machine and decide what to do with the expired/expiring Certs.

If we get it working, I’ll try to post the code up on BigFix.me

jgstew 2014-04-10 00:42:38 UTC #4

written by jgstew

Thanks, that would be very helpful.

AlanM 2014-04-22 06:46:21 UTC #5

written by AlanM

There are some limited inspectors that could use some expansion that only will show the invalid before not invalid after. These also have limited scope as they only work on files

http://support.bigfix.com/inspectors/Authorization%20Objects_Any.html#x509%20certificate

jgstew 2014-04-23 17:49:56 UTC #6

written by jgstew

An inspector that would read the cert info in the registry would be useful. I suppose I need to file an RFE.

system 2014-06-10 14:31:09 UTC #7

written by LBowser

Any news on finding expired certs and is there a way to do this on unix systems?