cancel
Showing results for 
Search instead for 
Did you mean: 

Using prognosis to manage certificate expiry

Jonathan_Mc
IR Partner

Using prognosis to manage certificate expiry

Hi,

is it possible to use prognosis to check certificate expiry dates on CM/SMGR etc?
6 REPLIES 6
Martin_Smith
Staff

Re: Using prognosis to manage certificate expiry

Hi Jonathan,

Am happy to research this - I have recently had queries regarding Cert warnings/alerts in Cisco and SfB environments, but can I just clarify - what/where are these Certificates used, i.e. context ?

BR,
ms.
Cedric_Jackson
08 Mountaineer

Re: Using prognosis to manage certificate expiry

I too am interested in this topic. My certs are on Avaya Experience Portal, Tomcat Application Servers and other places. I would like to read the expiration date and send out a notice.
ChristopherS
12 Sherpa

Re: Using prognosis to manage certificate expiry

I took a quick look at our Web Server related records (i.e. J2EE) and at least for those examples didn't see where we are 'currently' doing this.. ...However I've played around a bit and think build a consulting solution to do this seems absolutely possible via possibly a couple different ways.

What key metrics would you be looking for in particular to be part of such a record?
Are you just looking for like the name and expirey and what are the different source and platforms specifically would you be interested in?
Is there by chance any logs for any of these sources already that might give warnings or even an informational message on application startup?

Christopher

If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Solution Architect – MSci. PA, CISSP, ITIL.
Cedric_Jackson
08 Mountaineer

Re: Using prognosis to manage certificate expiry

Thanks for the feedback Christoper.

I am looking for Common Name / Signature Algorithm, & Expiry Date

Currently, I get notifications when the cert has failed.
ChristopherS
12 Sherpa

Re: Using prognosis to manage certificate expiry

Thanks.. I'm not a UC guy but it seems relatively straight forward for IIS (WMI) & Apache (Keytool).

The rest CM/SMGR, Cisco, SfB, and Avaya Experience Portal mentioned in this thread I'd need some more details.

Though I believe Shoaib mentioned in another post on a similar topic if we can aggregate the different sources we could definitely build something.

Christopher

If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Solution Architect – MSci. PA, CISSP, ITIL.
Shoaib_Dilawar
12 Sherpa

Re: Using prognosis to manage certificate expiry

Cedric,

from most of the windows boxes, we can remotely run Get-CsCertificate powershell command and get things like:

PSComputerName : xxx.xx.local
RunspaceId : 27f2fd9a-3afd-4d87-b152-8d8fd6be95a6
PSShowComputerName : True
Issuer : CN=xx-xx-CA, DC=xx, DC=local
NotAfter : 9/22/2018 2:06:44 PM
NotBefore : 9/22/2017 1:56:44 PM
SerialNumber :xx
Subject : CN=xx, OU=Denver, O=IR, L=xx, S=CO, C=US
AlternativeNames : {}
Thumbprint : 63E2CCC6AFC294A01363268936452607F2262F95
EffectiveDate : 9/22/2017 2:10:01 PM
PreviousThumbprint :
UpdateTime :
SourceScope : Global
Use : OAuthTokenIssuer

If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib