Invalid after of inspector syntax

What’s the proper syntax of the “invalid after of” inspector? I mean how do I display the expiration time of a certificate? When I try to type
invalid after of "certificate name"
I get an error “The operator “invalid after” is not defined”. I tried even
invalid after of "CERT_SYSTEM_STORE_LOCAL_MACHINE/MY/certificate name"
and got the same result. I tried both backslash and forward slash in the path and put a colon in front of the first slash. I tried to put the word “certificate” in various places, but without success.

Looking at the documentation, the invalid after of property expects an x509 certificate object. Looking into how to create an x509 certificate object (https://developer.bigfix.com/relevance/reference/x509-certificate.html), there are three methods:

certificate of <client>
encryption certificate of <license>
pem encoded certificate of <file>

Judging by your sample above, I’m guessing you’re interested in checking an external certificate (i.e. not one associated with BigFix). As such, you would use the 3rd creation method above (pem encoded certificate of <file>) and point to the appropriate file. Here’s a sample:

Q: invalid after of pem encoded certificate of file "R:\license.crt"
A: Fri, 01 Dec 2023 12:24:44 -0400

Hm, but I don’t have any file, I just have the certificate installed. Or are certificates stored as files somewhere?

In this case, it’s perhaps a bit more involved. Check out the following thread for a start:

Thanks to the analysis I found the registry entries for the certificates. I constructed the following relevance clause, but I get the result “operator contains is not defined”

(value "Not After" of it as date) of keys whose (value "Subject" of it contains (computer name)) of keys "HKEY_LOCAL_MACHINE\Software\C3 Inventory\Certificate Store\LocalMachine\My" of native registry

I tried even the following clause, but I got “operator date is not defined”

(values "Not After" of it as date) of keys whose (value "Friendly name" of it is (dns name)) of keys "HKEY_LOCAL_MACHINE\Software\C3 Inventory\Certificate Store\LocalMachine\My" of native registry

Registry values are actually a complex type, that gets converted to string for display but you need to explicitly cast ‘as string’ for many string comparisons such as ‘contains’. Try

(value "Not After" of it as string as date) of keys whose (value "Subject" of it as string contains (computer name)) of keys "HKEY_LOCAL_MACHINE\Software\C3 Inventory\Certificate Store\LocalMachine\My" of native registry

In this case I get the error “Expression could not be parsed”. Without the “as date” it works fine, only it’s a string, obviously, not a date. When I put “as time” instead of “as date”, I get “Singular expression refers to nonexistent object”. The time format of the value is yyyy.mm.dd hh:mm:ss. I guess that could be the problem. I tried various ways of formatting the date, but I was always unsuccessful.

Time objects can be constructed using the following elements:

dd mmm yyyy hh:mm:ss tz or 17 Apr 2019 08:50:45 -0700

Using the string format you’ve provided, try the following relevance:

(substring(8,2) of it & " " & substring(5,2) of it as integer as month as three letters & " " & substring(0,4) of it & " " & following text of last " " of it & " " & local time zone as string) of "2016.08.11 12:34:56" as time

Well, I finally got it working, but then I found out that every server in the environment uses a different date/time format :frowning: There are so many different formats that constructing a clause based on “if/then/else” would take an eternity. I found another value with a date only, without a time, which is sufficient, and that has the same format on all servers (Thu, 18 Apr 2019 for example), but on many servers it’s in a different language than English. Sometimes in Spanish, sometimes in Portuguese, sometimes in languages I can’t recognise. So I guess I’m screwed :frowning: I verified that BigFix needs the date in English to understand it.
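
One way around the locale problem described above, as an added example that is not from any poster in this thread: read the expiry from the LocalMachine\My certificate store as a DateTime and print it with the invariant culture in the "dd mmm yyyy hh:mm:ss tz" layout quoted earlier. It assumes PowerShell is available on the servers; the function names and the filter on the computer name (mirroring the relevance clause above) are hypothetical choices.

```powershell
# Added example, not code from the thread. Function names are hypothetical.

function Format-BigFixTime {
    # Render a DateTime as "dd MMM yyyy HH:mm:ss +hhmm" with English month
    # abbreviations, independent of the server's regional settings.
    param([Parameter(Mandatory)][datetime]$Date)

    $invariant = [System.Globalization.CultureInfo]::InvariantCulture
    $text = $Date.ToString('dd MMM yyyy HH:mm:ss zzz', $invariant)

    # The zzz specifier yields an offset such as "-07:00"; drop its colon so
    # the result matches the "-0700" form shown in the thread.
    return $text -replace '([+-]\d\d):(\d\d)$', '$1$2'
}

function Get-CertificateExpiry {
    # List certificates whose subject matches a wildcard pattern, with the
    # expiry already normalised and the remaining lifetime in whole days.
    param(
        [string]$StorePath   = 'Cert:\LocalMachine\My',
        [string]$SubjectLike = "*$env:COMPUTERNAME*"   # assumption: subject contains the host name
    )

    $now = Get-Date
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like $SubjectLike } |
        ForEach-Object {
            [pscustomobject]@{
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = Format-BigFixTime -Date $_.NotAfter
                DaysLeft   = [math]::Floor(($_.NotAfter - $now).TotalDays)
                Expired    = $_.NotAfter -lt $now
            }
        }
}

# Soonest-expiring certificates first.
Get-CertificateExpiry | Sort-Object DaysLeft | Format-Table -AutoSize
```

Because NotAfter comes from the certificate itself rather than from a string another tool wrote to the registry, the output is the same on Spanish, Portuguese and English servers.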