Self Signed Certificate Health Probe Action

SelfSignedCertHealthProbeAction (ProbeActionModuleType)

Self signed certificate health probe action

Element properties:

Type: ProbeActionModuleType
Isolation: Any
Accessibility: Internal
RunAs: Default
InputType: System.BaseData
OutputType: System.PropertyBagData

Member Modules:

ID Module Type TypeId RunAs 
SelfSignedCertHealthScript ProbeAction Microsoft.Windows.PowerShellPropertyBagProbe Default

Source Code:

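<ProbeActionModuleType ID="SelfSignedCertHealthProbeAction" Accessibility="Internal" Batching="false" PassThrough="false">
  <!--
    Probe action that evaluates the validity window of the Network Controller
    self-signed certificates on every node listed in the registry and returns
    one property bag per node.

    Configuration:
      ExpiryWarningDays (optional, xsd:double): a certificate whose NotAfter
      falls within this many days from now is reported as about to expire.

    Property bag values written by the script:
      Name       : node name taken from the NCNodeNames registry value
      remainDays : the configured ExpiryWarningDays threshold (not the number
                   of days actually left on any certificate)
      Result     : 'Good', 'Warning' or 'Bad'
      errorId    : concatenation of "THUMBPRINT ,1; " (outside its validity
                   window) and "THUMBPRINT ,2; " (inside the warning window)

    A node whose certificate store cannot be queried gets no property bag and
    an error event instead, so an unreachable node is never reported as 'Good'.
  -->
  <Configuration>
    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="0" name="ExpiryWarningDays" type="xsd:double"/>
  </Configuration>
  <ModuleImplementation Isolation="Any">
    <Composite>
      <MemberModules>
        <ProbeAction ID="SelfSignedCertHealthScript" TypeID="Windows!Microsoft.Windows.PowerShellPropertyBagProbe">
          <ScriptName>SelfSignedCertHealthScript.ps1</ScriptName>
          <ScriptBody><Script>param( [double]$expiryWarningDays)
# Registry key and value name holding the comma-separated list of nodes to check.
$global:key = "HKLM:\SOFTWARE\MICROSOFT\SDNMonitoringMP\"
$global:NCNodeNamesKey = "NCNodeNames"
$api = new-object -comObject 'MOM.ScriptAPI'
$logId = 5001
$friendlyName = "NetworkControllerSSCert_3F2504E0-4F89-41D3-9A0C-0305E82C3301"
# NOTE(review): this name differs from the ScriptName element (SelfSignedCertHealthScript.ps1).
# It is left unchanged because event filters may depend on the logged source name - confirm.
$scriptName = 'selfSignedCertHealth.ps1'
$computers = ((Get-ItemProperty -Path $global:key).$global:NCNodeNamesKey ) -split ','
foreach ( $computerName in $computers ) {
    # Get all the certs with a matching friendly name from the node's machine Root store.
    # NOTE(review): -match is a regular-expression (substring) comparison, so any Root-store
    # certificate whose friendly name contains this string is evaluated; use -eq if only the
    # exact name should be in scope.
    try {
        # -ErrorAction Stop turns a failed remote query into a catchable error. Without it the
        # result is empty, the loop below does not run on current PowerShell versions and the
        # node would be reported as 'Good' although nothing was checked.
        $certsInStore=Invoke-Command -ComputerName $computerName -ErrorAction Stop -ScriptBlock { param($name) dir Cert:\LocalMachine\Root | Where-Object {$_.FriendlyName -match $name}} -ArgumentList $friendlyName
    }
    catch {
        # Severity 1 (error): the check did not run, so no health state is returned for this node.
        $api.LogScriptEvent($scriptName,$logId,1,$computerName + " : unable to query the certificate store, certificate health was not evaluated. " + $_.Exception.Message);
        continue
    }

    $bag = $api.CreatePropertyBag()
    $bag.AddValue("Name", $computerName)
    $health = 'Good'
    [string]$currentErrorString=[System.String]::Empty
    # Echoes the configured threshold, not the days remaining on a certificate.
    $bag.AddValue('remainDays',$expiryWarningDays)

    # Check the validity window against the clock of the machine running this probe.
    $timeNow = Get-Date
    foreach($certInStore in $certsInStore)
    {
        if(($certInStore.NotBefore -gt $timeNow) -or ($certInStore.NotAfter -lt $timeNow))
        {
            # Code 1: not yet valid or already expired. 'Bad' is never downgraded afterwards.
            $currentErrorString += $certInStore.Thumbprint + " ,1; "
            $health = 'Bad'
            $api.LogScriptEvent($scriptName,$logId,0,$computerName + " : cert " + $certInStore.Thumbprint + " has expired or not activated yet.");
        }
        elseif($certInStore.NotAfter -gt $timeNow -and $timeNow.AddDays($expiryWarningDays) -gt $certInStore.NotAfter)
        {
            # Code 2: still valid but expiring within the warning window.
            $currentErrorString += $certInStore.Thumbprint + " ,2; "
            if($health -eq 'Good')
            {
                $health = 'Warning'
            }
            $api.LogScriptEvent($scriptName,$logId,0,$computerName + " : cert " + $certInStore.Thumbprint + " is about to expire.");
        }
    }

    $bag.AddValue('Result',$health)
    $bag.AddValue('errorId',$currentErrorString)
    # Emit the bag for this node.
    $bag
}</Script></ScriptBody>
          <Parameters>
            <!-- NOTE(review): the script's param() block declares only expiryWarningDays; scriptName is passed but not declared there. -->
            <Parameter>
              <Name>scriptName</Name>
              <Value>"SelfSignedCertHealthScript.ps1"</Value>
            </Parameter>
            <Parameter>
              <Name>expiryWarningDays</Name>
              <Value>$Config/ExpiryWarningDays$</Value>
            </Parameter>
          </Parameters>
          <TimeoutSeconds>300</TimeoutSeconds>
        </ProbeAction>
      </MemberModules>
      <Composition>
        <Node ID="SelfSignedCertHealthScript"/>
      </Composition>
    </Composite>
  </ModuleImplementation>
  <OutputType>System!System.PropertyBagData</OutputType>
  <InputType>System!System.BaseData</InputType>
</ProbeActionModuleType>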