There are toolkit methods of validating a website's certificate. For Linux, there's the openssl command, and for Windows, a PowerShell command that creates an HttpWebRequest call. |
For the PowerShell Toolkit: Adding more websites to the PowerShell toolkit is trivial; however, each site needs an https:// prefix and has to be added to the $urls list within the script content, as seen below. Your dataview should look similar to this format. For the Linux Toolkit: Adding more websites to the Linux toolkit is easy as well; you can add more sites to the sampler script section. Your dataview should look similar to this format. For the sampler's XML: WinCertCheck.xml
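<!-- WinCertCheck: toolkit sampler that runs CertCheck.ps1 every 1200 seconds and
     publishes one row per URL. The script text below is written without the
     characters that would need XML escaping. -->
<sampler name="WinCertCheck">
  <sampleInterval>
    <data>1200</data>
  </sampleInterval>
  <plugin>
    <toolkit>
      <samplerScript>
        <!-- -executionpolicy bypass lets the unsigned script run for this one
             invocation. -NoProfile keeps user and machine profile scripts out of
             the monitoring run. The script body is stored in this setup, so
             whoever can edit the setup decides what the probe account executes. -->
        <data>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -executionpolicy bypass -file "CertCheck.ps1"</data>
      </samplerScript>
      <script>
        <contents>
          <data># CertCheck.ps1 - prints one CSV row per URL for the toolkit dataview:
#   Host,Name,Issuer,Status,Expires On,Days Left,Trust
# Status only says whether the certificate still has whole days left.
# Trust is the verdict the platform reached on the TLS handshake
# (None = no policy error reported, Unknown = verdict not captured).
$timeoutMilliseconds = 5000
$urls = @(
    "https://resources.itrsgroup.com",
    "https://helpdesk.itrsgroup.com",
    "https://itrsgroup.webex.com",
    "https://www.cisco.com",
    "https://email.itrsgroup.com"
)

# Every certificate is accepted so that expired or untrusted ones can still be
# read and reported. The callback is process-wide: keep this script in its own
# powershell.exe process and do not add other HTTPS calls to it.
# The policy errors are recorded for the Trust column instead of being dropped.
$script:sslPolicyErrors = $null
[Net.ServicePointManager]::ServerCertificateValidationCallback = {
    $script:sslPolicyErrors = $args[3]   # 4th callback argument: SslPolicyErrors
    $true
}

Write-Host "Host,Name,Issuer,Status,Expires On,Days Left,Trust" -f Green

foreach ($url in $urls) {
    $script:sslPolicyErrors = $null
    $req = [Net.HttpWebRequest]::Create($url)
    $req.Timeout = $timeoutMilliseconds
    try {
        $response = $req.GetResponse()
        $response.Close()   # release the connection instead of leaking it
    } catch {
        # HTTP-level failures are ignored on purpose: the certificate is still
        # on the ServicePoint whenever the TLS handshake completed.
    }

    $rawCert = $req.ServicePoint.Certificate
    if ($null -eq $rawCert) {
        # Keep a row for hosts that did not answer, so an unreachable site
        # does not silently disappear from the dataview.
        Write-Host "$url,---,---,Invalid/Can Not Connect,---,---,---"
        continue
    }

    # NotAfter is already a DateTime. Casting GetExpirationDateString() would
    # depend on the regional date format of the probe host.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $rawCert
    [datetime]$expiration = $cert.NotAfter
    [int]$certExpiresIn = ($expiration - (Get-Date)).Days

    # Commas inside the names are escaped so they do not split the CSV columns.
    $certName = $rawCert.GetName() -replace ",", "\,"
    $certIssuer = $rawCert.GetIssuerName() -replace ",", "\,"

    # HH = 24-hour clock; hh without an AM/PM marker is ambiguous.
    $expirationString = "{0:dd MMMM yyyy HH:mm:ss}" -f $expiration

    if ($certExpiresIn -gt 0) {
        $certStat = "Valid"
    } else {
        $certStat = "Invalid"
    }

    if ($null -eq $script:sslPolicyErrors) {
        $trust = "Unknown"
    } else {
        # Combined flags print as "A, B"; join them with + to stay in one column.
        $trust = "$($script:sslPolicyErrors)" -replace ", ", "+"
    }

    $row = ($url, $certName, $certIssuer, $certStat, $expirationString, $certExpiresIn, $trust) -join ","
    Write-Host $row
}</data>
        </contents>
        <filename>
          <data>CertCheck.ps1</data>
        </filename>
      </script>
    </toolkit>
  </plugin>
</sampler>
LinuxCertCheck.xml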
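<!-- LinuxCertCheck: toolkit sampler that runs ChkCert.sh every 12000 seconds with
     the hosts to check as arguments. The script text below is written without
     the characters that would need XML escaping. -->
<sampler name="LinuxCertCheck">
  <sampleInterval>
    <data>12000</data>
  </sampleInterval>
  <plugin>
    <toolkit>
      <samplerScript>
        <data>./ChkCert.sh resources.itrsgroup.com itrsgroup.webex.com cisco.com email.itrsgroup.com helpdesk.itrsgroup.com</data>
      </samplerScript>
      <script>
        <contents>
          <data>#!/bin/bash
#set -x # for debugging
# ChkCert.sh host [host...] - prints one CSV row per host for the toolkit
# dataview: Host, Issuer, Subject, Status, Expires On, Days Left, Trust
# Status is "Valid" until notAfter has passed. Trust is the chain verification
# result reported by openssl s_client against the trust store of this host;
# it does not cover a host-name mismatch.

# Typical port for certificate checks / https calls.
cport=443
# Seconds before a stalled handshake is abandoned (used when timeout exists).
ctimeout=10

# Print the value of the "name=" line ($1) found in x509 output ($2).
# Slashes become spaces and commas are removed so the value stays in one column.
field() {
  printf '%s\n' "$2" | sed -n -e "s/^$1= *//p" | head -n 1 | sed -e 's/\// /g' -e 's/,//g'
}

# Row for a host whose certificate could not be fetched or parsed.
unreachable() {
  echo "$1, ---, ---, Invalid/Can Not Connect, ---, ---, ---"
}

# Nothing to report without hosts.
[ $# -gt 0 ] || exit 0

# Set up the headlines.
echo "Host, Issuer, Subject, Status, Expires On, Days Left, Trust"

# date --date is GNU-specific, so the checks only run on Linux.
# The names are compared as strings: -eq would evaluate both sides as
# arithmetic and match on every platform.
[[ "$(uname)" == "Linux" ]] || exit 0

# Bound each handshake so one unresponsive host cannot stall the whole sample.
limit=()
if command -v timeout >/dev/null 2>/dev/null; then
  limit=(timeout "$ctimeout")
fi

for host in "$@"; do
  # -servername sends SNI so a shared front end returns this host's certificate.
  handshake=$(echo | "${limit[@]}" openssl s_client -connect "${host}:${cport}" -servername "$host" 2>/dev/null)

  # Decide on the exit status and the presence of notAfter, not on an error
  # message whose wording differs between openssl versions.
  if ! details=$(printf '%s\n' "$handshake" | openssl x509 -noout -issuer -subject -dates 2>/dev/null); then
    unreachable "$host"
    continue
  fi

  exp_date=$(field notAfter "$details")
  if [ -z "$exp_date" ] || ! exp_epoch=$(date --date="$exp_date" +%s 2>/dev/null); then
    unreachable "$host"
    continue
  fi

  subject=$(field subject "$details")
  issuer=$(field issuer "$details")

  now_epoch=$(date +%s)
  sec_left=$(( exp_epoch - now_epoch ))
  days_left=$(( sec_left / 86400 ))

  # An expired certificate must not be published as Valid.
  if (( sec_left > 0 )); then
    status="Valid"
  else
    status="Invalid"
  fi

  # s_client does not abort on a chain error, so its verdict is reported
  # separately, e.g. "0 (ok)".
  trust=$(printf '%s\n' "$handshake" | sed -n -e 's/^ *Verify return code: *//p' | head -n 1 | sed -e 's/,//g')
  [ -n "$trust" ] || trust="Unknown"

  echo "$host,$issuer,$subject,$status,$exp_date,$days_left,$trust"
done</data>
        </contents>
        <filename>
          <data>ChkCert.sh</data>
        </filename>
      </script>
    </toolkit>
  </plugin>
</sampler>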