SSL certificate warning on the federation server

Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor (UnitMonitor)

Knowledge Base article:

Summary

The SSL certificate configured for the federation passive website on the federation server will expire within 20 days.

Causes

The SSL certificate will expire within 20 days.

Resolutions

Obtain a new certificate and import it with the IIS Manager snap-in for the federation passive website.

Element properties:

Target: Microsoft.ActiveDirectoryFederationServices20.Websites
Parent Monitor: System.Health.ConfigurationState
Category: AvailabilityHealth
Enabled: True
Alert Generate: True
Alert Severity: Warning
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType
Remotable: True
Accessibility: Public
Alert Message:
SSL certificate warning on the federation server
The SSL certificate configured for the federation passive website will expire within 20 days.
Run As: Default

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.Websites" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType" ConfirmDelivery="false">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices20.FederationServerWebsitesSSLCertGoingToExpireMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
<ScriptName>FederationServerWebsitesSSLCertFutureExpiryCheck.ps1</ScriptName>
<ScriptBody><Script>
function ByteArrayMatch ($array1, $array2)
{
if ( ($array1 -eq $null) -or ($array2 -eq $null) )
{
return $false
}

if ( $array1.Length -ne $array2.Length )
{
return $false
}

for ($i = 0; $i -lt $array1.Length; $i++)
{
if ( $array1[$i] -ne $array2[$i] )
{
return $false
}
}

return $true;
}

function GetADFSSSLCertificate()
{
$cert = $null;
$hash = ( Get-WmiObject -namespace "root/MicrosoftIISV2" -Class "IISWebServer" | Where-Object {$_.Name -eq "W3SVC/1"} | Select-object SSLCertHash )
if ($hash -ne $null)
{
$certStoreName = Get-WmiObject -namespace root/MicrosoftIISV2 -Class IISWebServerSetting | Where-Object {$_.Name -eq "W3SVC/1"} | Select-Object SSLStoreName
$certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStoreName.SSLStoreName , [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
$certStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

for ( $i = 0; $i -lt $certStore.Certificates.Count; $i++)
{
$cert = $certStore.Certificates[$i]
if ($cert -ne $null)
{
$certHash = $cert.GetCertHash()
if ( ByteArrayMatch $hash.SSLCertHash $certHash )
{
break;
}
}
$cert = $null
}
}
return $cert
}

[System.Reflection.Assembly]::LoadWithPartialName("System.Security")

$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 700, 4, "SSL certificate future expiry check PowerShell monitoring script")

$script:certOK = $true

&amp;{
$sslCertificate = GetADFSSSLCertificate
if ($sslCertificate -ne $null)
{
if ( $sslCertificate.NotAfter.Subtract([System.DateTime]::Now).Days -lt 20 )
{
$script:certOK = $false
}
}
}
trap [System.Exception]
{
$script:exceptionMessage = $_.Exception.Message
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 701, 2, "SSL certificate future expiry check PowerShell monitoring failed with an error. " + $_.Exception.Message)
continue
}


$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("CertOK", $script:certOK )
$scompb.AddValue("ErrorMessage", $script:exceptionMessage )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems() </Script></ScriptBody>
<IntervalSeconds>86400</IntervalSeconds>
<TimeoutSeconds>300</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='CertOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">false</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='CertOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">true</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>
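The monitor script above resolves the certificate by matching the SSLCertHash byte array of the IIS site "W3SVC/1" (the Default Web Site) against GetCertHash() of every certificate in the configured store, then alerts when NotAfter is fewer than 20 days away. Two behaviours worth knowing before relying on it: it only ever looks at W3SVC/1, so a federation passive website bound to a different IIS site ID is not checked, and when no certificate is bound at all the hash match fails, $certOK stays $true, and the monitor reports healthy. The following is an added example, not code from the management pack, that performs the same check interactively on the federation server and reports the remaining days so the renewal in the Resolutions section can be verified afterwards. It assumes an elevated PowerShell session on an AD FS 2.0 server (which hosts the passive website in IIS; later AD FS versions bind certificates in HTTP.SYS instead and this IIS WMI query does not apply), and the site name, threshold and function names are the example's own choices.

```powershell
# Added example (not part of the AD FS 2.0 management pack).
# Assumptions: run elevated on the federation server; root/MicrosoftIISV2 is the
# IIS 6 compatibility WMI provider the monitor itself queries; -SiteName and
# -WarnDays are this example's parameters, not monitor settings.

function Get-IisSslCertificate {
    param(
        # W3SVC/1 is the Default Web Site; pass the site the passive website actually uses.
        [string]$SiteName = 'W3SVC/1'
    )
    $server  = Get-WmiObject -Namespace 'root/MicrosoftIISV2' -Class 'IISWebServer' |
               Where-Object { $_.Name -eq $SiteName }
    $setting = Get-WmiObject -Namespace 'root/MicrosoftIISV2' -Class 'IISWebServerSetting' |
               Where-Object { $_.Name -eq $SiteName }

    # Distinguish "site not found" and "no certificate bound" from a real lookup
    # (the monitor script folds these into a healthy result).
    if ($null -eq $server) { throw "IIS site '$SiteName' not found." }
    if (-not $server.SSLCertHash) { throw "No SSL certificate is bound to '$SiteName'." }

    # SSLCertHash is the SHA-1 thumbprint as a byte array; render it as hex so the
    # certificate provider can match it instead of a byte-by-byte comparison loop.
    $thumbprint = ($server.SSLCertHash | ForEach-Object { $_.ToString('X2') }) -join ''
    $storeName  = if ($setting -and $setting.SSLStoreName) { $setting.SSLStoreName } else { 'MY' }

    $cert = Get-ChildItem -Path "Cert:\LocalMachine\$storeName" |
            Where-Object { $_.Thumbprint -eq $thumbprint }
    if ($null -eq $cert) {
        throw "Certificate $thumbprint is bound to '$SiteName' but is not present in LocalMachine\$storeName."
    }
    return $cert
}

function Test-CertificateExpiry {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarnDays = 20,            # same threshold the monitor hard-codes
        [datetime]$Now = [datetime]::Now
    )
    # Round down whole days so 19.9 days remaining is reported as 19, like the
    # monitor's TimeSpan.Days; a negative value means the certificate has already expired.
    $remaining = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        DaysRemaining = $remaining
        Expired       = ($remaining -lt 0)
        CertOK        = ($remaining -ge $WarnDays)   # mirrors the monitor's CertOK property
    }
}

# Usage on the federation server: run once before and once after importing the
# renewed certificate to confirm the binding now points at the new one.
try {
    $cert = Get-IisSslCertificate -SiteName 'W3SVC/1'
    Test-CertificateExpiry -Certificate $cert -WarnDays 20 | Format-List
}
catch {
    Write-Warning $_.Exception.Message
}
```

Importing the renewed certificate through IIS Manager rebinds the site to the new thumbprint; if the old certificate is still reported afterwards, the binding was not updated and the monitor will keep alerting until it is.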