Home
  •  

Invalid certificates Discovery

Microsoft.Certificates.Discovery.CertificateGroup.Invalid (Discovery)

Discovers certificates that were not expired but found invalid

Knowledge Base article:

Summary

Discovers certificates that were not expired but found invalid.

Element properties:

TargetMicrosoft.Certificates.CertificateGroup.Invalid
EnabledTrue
RemotableFalse

Object Discovery Details:

Discovered relationships and their attribuets:

Member Modules:

ID Module Type TypeId RunAs 
Microsoft.SystemCenter.GroupPopulator DataSource Microsoft.SystemCenter.GroupPopulator Default

Source Code:

<Discovery ID="Microsoft.Certificates.Discovery.CertificateGroup.Invalid" Enabled="true" Target="Microsoft.Certificates.CertificateGroup.Invalid" ConfirmDelivery="true" Remotable="true" Priority="Normal">

  <Category>Discovery</Category>

  <DiscoveryTypes>

    <DiscoveryRelationship TypeID="SCIG!Microsoft.SystemCenter.InstanceGroupContainsEntities"/>

  </DiscoveryTypes>

  <DataSource ID="Microsoft.SystemCenter.GroupPopulator" TypeID="SC!Microsoft.SystemCenter.GroupPopulator">

    <RuleId>$MPElement$</RuleId>

    <GroupInstanceId>$MPElement[Name="Microsoft.Certificates.CertificateGroup.Invalid"]$</GroupInstanceId>

    <MembershipRules>

      <MembershipRule>

        <MonitoringClass>$MPElement[Name="Microsoft.Certificates.Certificate"]$</MonitoringClass>

        <RelationshipClass>$MPElement[Name="SCIG!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <Property>$MPElement[Name="Microsoft.Certificates.Certificate"]/ExpirationStatus$</Property>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value>VerifyChainFailed</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <Property>$MPElement[Name="Microsoft.Certificates.Certificate"]/ExpirationStatus$</Property>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value>Uninitialized</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

      </MembershipRule>

    </MembershipRules>

  </DataSource>

</Discovery>