Computer and IT knowledge - things to know
>> script:
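# Checkmk local check: reports the expiry state of every certificate that has a
# Common Name (CN) in the listed LocalMachine certificate stores.
#
# Output: the "<<<local>>>" section header, then one line per certificate:
#   <state> "cert-store-<CN>" - NotAfter-Date: <date> - <text>
# state is 0 (more than 14 days left), 1 (8 to 14 days left) or
# 2 (7 days or fewer left, or already expired). The "-" after the service
# name is the placeholder for "no metrics".

# Define the certificate stores to search.
# NOTE(review): "Disallowed" holds certificates that are explicitly distrusted,
# and "Root"/"AuthRoot" commonly contain roots that expired long ago. Expiry
# alerts for those are probably noise that can bury the alerts for the
# certificates in "My" - confirm which stores really need monitoring.
$stores = @("My", "Root", "CA", "TrustedPublisher", "AuthRoot", "TrustedPeople", "Disallowed")

# Print the header line
Write-Host "<<<local>>>"

# Take the reference time once so every certificate is judged against the same instant.
$now = Get-Date

foreach ($storeName in $stores) {
    # Reset per iteration so the finally block never closes a store left over
    # from the previous pass when New-Object itself fails.
    $store = $null
    try {
        # Open the certificate store read-only; the check never modifies it.
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, 'LocalMachine')
        $store.Open("ReadOnly")

        foreach ($cert in $store.Certificates) {
            # Extract the first Common Name (CN) from the certificate's subject.
            # The value ends up between double quotes in the output line, so it is
            # reduced to printable ASCII, then to word characters, whitespace,
            # '.', '*' and '-', and finally whitespace runs become hyphens. This
            # keeps quotes and control characters taken from the certificate
            # subject out of the service name.
            $firstCN = ($cert.Subject -split ',').Trim() | Where-Object { $_ -like 'CN=*' } | Select-Object -First 1 | ForEach-Object {
                ($_ -replace 'CN=', '').Trim() -replace '[^\x20-\x7E]', '' -replace '[^\w\s.*-]', '' -replace '\s+', '-'
            }

            # Replace multiple hyphens with a single hyphen
            $firstCN = $firstCN -replace '-+', '-'

            # Skip certificates without a CN
            if ([string]::IsNullOrWhiteSpace($firstCN)) {
                continue
            }

            # Use the first CN as the name.
            # NOTE(review): the service name depends on the CN only. The same CN in
            # two stores, or an old and a renewed certificate with the same CN,
            # produce identical service names, so one result can hide the other.
            # The name is left unchanged here so existing services keep their
            # names; adding the store name or part of the thumbprint would make
            # it unique.
            $name = $firstCN

            # Whole days until the certificate expires (.Days truncates toward zero).
            $daysUntilExpiry = ($cert.NotAfter - $now).Days

            # Format the output based on days until expiry.
            # Expiry is tested on the timestamps themselves: a certificate that
            # expired less than 24 hours ago has .Days equal to 0 and would
            # otherwise be reported as "will expire in 0 days".
            if ($cert.NotAfter -lt $now) {
                Write-Host "2 `"cert-store-$name`" - NotAfter-Date: $($cert.NotAfter) - Warning the cert is expired!"
            } elseif ($daysUntilExpiry -gt 14) {
                Write-Host "0 `"cert-store-$name`" - NotAfter-Date: $($cert.NotAfter) - The cert will expire in $daysUntilExpiry days"
            } elseif ($daysUntilExpiry -gt 7) {
                Write-Host "1 `"cert-store-$name`" - NotAfter-Date: $($cert.NotAfter) - Warning the cert will expire in $daysUntilExpiry days"
            } else {
                Write-Host "2 `"cert-store-$name`" - NotAfter-Date: $($cert.NotAfter) - Warning the cert will expire in $daysUntilExpiry days"
            }
        }
    } catch {
        # Deliberately silent: anything printed here would land inside the
        # <<<local>>> section. The drawback is that a store which cannot be read
        # simply disappears from the output instead of raising an alert.
        #Write-Host "Failed to open store: $storeName" -ForegroundColor Red
    } finally {
        # Close the certificate store even when enumeration failed part-way.
        if ($store) {
            $store.Close()
        }
    }
}
#Write-Host "Certificate enumeration completed." -ForegroundColor Green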
--------------------------------------------
> save the script as check_cert_store.ps1 (the file name the pattern below refers to) in: C:\ProgramData\checkmk\agent\plugins
> modify the check_mk.user.yml:
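plugins:
  enabled: yes
  execution:
    # Entry for the certificate store check; the nesting below is required,
    # the keys must not all sit at column 0.
    - pattern : '$CUSTOM_PLUGINS_PATH$\check_cert_store.ps1'
      async : yes
      run : yes
      # 86400 seconds = 24 hours: the reported days-until-expiry can be up to
      # one day old.
      cache_age : 86400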
> restart the checkmk service!
> view the output of the checkmk agent to see if the values are cached