Home
  •  

Avertissement de certificat SSL sur le serveur de fédération

Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor (UnitMonitor)

Knowledge Base article:

Résumé

Le certificat SSL configuré pour le site Web passif de fédération sur le serveur de fédération expirera dans 20 jours.

Causes

Le certificat SSL expirera dans 20 jours.

Résolutions

Obtenez un nouveau certificat et importez-le à l'aide du composant logiciel enfichable Gestionnaire des services Internet pour le site Web passif de fédération.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices20.Websites
Parent MonitorSystem.Health.ConfigurationState
CategoryAvailabilityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Avertissement de certificat SSL sur le serveur de fédération
Le certificat SSL configuré pour le site Web passif de fédération expirera dans 20 jours.
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.Websites" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType" ConfirmDelivery="false">

  <Category>AvailabilityHealth</Category>

  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Warning</AlertSeverity>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>

    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>

  </OperationalStates>

  <Configuration>

    <PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>

    <ScriptName>FederationServerWebsitesSSLCertFutureExpiryCheck.ps1</ScriptName>

    <ScriptBody><Script>

            function ByteArrayMatch ($array1, $array2)

{

    if ( ($array1 -eq $null) -or ($array2 -eq $null) )

    {

        return $false

    }

    

    if ( $array1.Length -ne $array2.Length )

    {

        return $false

    }

    

    for ($i = 0; $i -lt $array1.Length; $i++)

    {

        if ( $array1[$i] -ne $array2[$i] )

        {

            return $false

        }

    }

    

    return $true;

}



function GetADFSSSLCertificate()

{

    $cert = $null;

    $hash = ( Get-WmiObject -namespace "root/MicrosoftIISV2" -Class "IISWebServer" |  Where-Object {$_.Name -eq "W3SVC/1"} | Select-object SSLCertHash )

    if ($hash -ne $null)

    {

        $certStoreName = Get-WmiObject -namespace root/MicrosoftIISV2 -Class IISWebServerSetting | Where-Object {$_.Name -eq "W3SVC/1"} | Select-Object SSLStoreName

        $certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStoreName.SSLStoreName , [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)

        $certStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

        

        for ( $i = 0; $i -lt $certStore.Certificates.Count; $i++)

        {

            $cert = $certStore.Certificates[$i]

            if ($cert -ne $null)

            {

                $certHash = $cert.GetCertHash()

                if ( ByteArrayMatch $hash.SSLCertHash $certHash  )

                {                

                    break;

                }

            }

            $cert = $null

        }

    }    

    return $cert

}



[System.Reflection.Assembly]::LoadWithPartialName("System.Security")



$scomapi = new-object -comObject "MOM.ScriptAPI"

$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 700, 4, "SSL certificate future expiry check PowerShell monitoring script")



$script:certOK = $true



&amp;{

    $sslCertificate = GetADFSSSLCertificate

    if ($sslCertificate -ne $null)

    {

        if ( $sslCertificate.NotAfter.Subtract([System.DateTime]::Now).Days -lt 20 )

        {

            $script:certOK = $false

        }

    }

}

trap [System.Exception]   

{ 

    $script:exceptionMessage = $_.Exception.Message

    $scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 701, 2, "SSL certificate future expiry check PowerShell monitoring  failed with an error. " + $_.Exception.Message)

    continue

}





$scompb = $scomapi.CreatePropertyBag()

$scompb.AddValue("CertOK",  $script:certOK )

$scompb.AddValue("ErrorMessage",  $script:exceptionMessage )

$scomapi.AddItem($scompb) 

$scomapi.ReturnItems() </Script></ScriptBody>

    <IntervalSeconds>86400</IntervalSeconds>

    <TimeoutSeconds>300</TimeoutSeconds>

    <ErrorExpression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="String">Property[@Name='CertOK']</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="String">false</Value>

        </ValueExpression>

      </SimpleExpression>

    </ErrorExpression>

    <SuccessExpression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="String">Property[@Name='CertOK']</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="String">true</Value>

        </ValueExpression>

      </SimpleExpression>

    </SuccessExpression>

  </Configuration>

</UnitMonitor>