Home
  •  

Advertencia de certificado SSL en el servidor de federación

Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor (UnitMonitor)

Knowledge Base article:

Resumen

El certificado SSL configurado para el sitio web pasivo de federación en el servidor de federación expirará en 20 días.

Causas

El certificado SSL expirará en 20 días.

Resoluciones

Obtenga un nuevo certificado e impórtelo utilizando el complemento Administrador de IIS para el sitio web pasivo de federación.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices20.Websites
Parent MonitorSystem.Health.ConfigurationState
CategoryAvailabilityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Advertencia de certificado SSL en el servidor de federación
El certificado SSL configurado para el sitio web pasivo de federación expirará en 20 días.
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.Websites" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType" ConfirmDelivery="false">

  <Category>AvailabilityHealth</Category>

  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Warning</AlertSeverity>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>

    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>

  </OperationalStates>

  <Configuration>

    <PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>

    <ScriptName>FederationServerWebsitesSSLCertFutureExpiryCheck.ps1</ScriptName>

    <ScriptBody><Script>

            function ByteArrayMatch ($array1, $array2)

{

    if ( ($array1 -eq $null) -or ($array2 -eq $null) )

    {

        return $false

    }

    

    if ( $array1.Length -ne $array2.Length )

    {

        return $false

    }

    

    for ($i = 0; $i -lt $array1.Length; $i++)

    {

        if ( $array1[$i] -ne $array2[$i] )

        {

            return $false

        }

    }

    

    return $true;

}



function GetADFSSSLCertificate()

{

    $cert = $null;

    $hash = ( Get-WmiObject -namespace "root/MicrosoftIISV2" -Class "IISWebServer" |  Where-Object {$_.Name -eq "W3SVC/1"} | Select-object SSLCertHash )

    if ($hash -ne $null)

    {

        $certStoreName = Get-WmiObject -namespace root/MicrosoftIISV2 -Class IISWebServerSetting | Where-Object {$_.Name -eq "W3SVC/1"} | Select-Object SSLStoreName

        $certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStoreName.SSLStoreName , [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)

        $certStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

        

        for ( $i = 0; $i -lt $certStore.Certificates.Count; $i++)

        {

            $cert = $certStore.Certificates[$i]

            if ($cert -ne $null)

            {

                $certHash = $cert.GetCertHash()

                if ( ByteArrayMatch $hash.SSLCertHash $certHash  )

                {                

                    break;

                }

            }

            $cert = $null

        }

    }    

    return $cert

}



[System.Reflection.Assembly]::LoadWithPartialName("System.Security")



$scomapi = new-object -comObject "MOM.ScriptAPI"

$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 700, 4, "SSL certificate future expiry check PowerShell monitoring script")



$script:certOK = $true



&amp;{

    $sslCertificate = GetADFSSSLCertificate

    if ($sslCertificate -ne $null)

    {

        if ( $sslCertificate.NotAfter.Subtract([System.DateTime]::Now).Days -lt 20 )

        {

            $script:certOK = $false

        }

    }

}

trap [System.Exception]   

{ 

    $script:exceptionMessage = $_.Exception.Message

    $scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 701, 2, "SSL certificate future expiry check PowerShell monitoring  failed with an error. " + $_.Exception.Message)

    continue

}





$scompb = $scomapi.CreatePropertyBag()

$scompb.AddValue("CertOK",  $script:certOK )

$scompb.AddValue("ErrorMessage",  $script:exceptionMessage )

$scomapi.AddItem($scompb) 

$scomapi.ReturnItems() </Script></ScriptBody>

    <IntervalSeconds>86400</IntervalSeconds>

    <TimeoutSeconds>300</TimeoutSeconds>

    <ErrorExpression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="String">Property[@Name='CertOK']</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="String">false</Value>

        </ValueExpression>

      </SimpleExpression>

    </ErrorExpression>

    <SuccessExpression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="String">Property[@Name='CertOK']</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="String">true</Value>

        </ValueExpression>

      </SimpleExpression>

    </SuccessExpression>

  </Configuration>

</UnitMonitor>