Also I noticed if I try to remove the Description or Property from the Collector Attributes Script the fields are again NaN with the error: ##-------------- Counters --------------------## $readOnly = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly" $localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine" $store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\my", $localMachine ) $properties = @( @{n='WildValue';e={"##WildValue##"}}, @{n='CommonName';e={$_.Subject}}, @{n='Description';e={"##Description##"}}, @{n='Properties';e={"##Properties##"}}, @{n='DaysUntilExpire';e={($_.NotAfter -[datetime]::Today ).Days}} ) $store.Open( $readOnly ) $store.Certificates ` | Where-Object {($_.Thumbprint -like "##WildValue##")} ` | Select-Object $properties Also I could not get rid of the message in the CommonName even the field is filled ...? How to clean this error message? Attribute not valid or not found in output - (method=namevalue, param=CommonName) Thanks, Dom

Almost there CommonName is filled properly but there is still the error message !!! Why? The Days to Expiration are correct

Finally the Test Script "Collector Attributes" is showing the correct value in the correct fields... Trying to populate the Fields in the Datapoint now!!!

Hello, The field CommonName is filled up but not with the value expected, it has the WildValue F23456... and not the CN... From the script results I thought the WildAlias was filled with the CN (see attachment) but apparently it is not strange!!!... The DaysToExpire is filled up in the Raw Request/Response but not but does not in the Datapoint. Not sure why the "##WildValue##.DaysToExpire" is not showing the value ... I think the datapoints are not correctly defined... Thanks, Dom

Hello, Some updates: ====================================================================================================== ##--------------- Discovery ------------------## $readOnly = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly" $localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine" ##$store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine )## $store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\my", $localMachine ) $store.Open( $readOnly ) $store.Certificates ` | Select-Object {$_.Thumbprint + "##" + $_.Subject } ` | Format-Table -HideTableHeaders ##--------------------------------------------## ====================================================================================================== and ====================================================================================================== ##-------------- Counters --------------------## $readOnly = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly" $localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine" $store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine ) $properties = @( @{n='DaysUntilExpire';e={($_.NotAfter -[datetime]::Today ).Days}}, @{n='CommonName';e={"##WILDALIAS##"}} ) $store.Open( $readOnly ) $store.Certificates ` | Where-Object {($_.Thumbprint -like "##WILDVALUE##")} ` | Select-Object $properties ====================================================================================================== with two datapoints ... I am progressing but not yet okay... I did a poll and I have No data for CommonName and DaystoExpire but I have the information in the Raw Request/Response output so I think I have wrongly associated some fields!!!! Thanks, Dom

Thanks for your patience Stuart... I found the location ##$store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine )## $store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\my", $localMachine ) Now I have the good certificate listed... I need to add as you said the expiration date set to combined both... Thanks, Dom

Hello, I understand what I do on _SSL_Certificates does not affect the SSLCerts DS but I would like the CN to appear in the _SSLCertificates but it does not with this script... is it the location of the certificate which is worng? I need the CN to appear in the Description of the Alert which is not the case for now. Apparently I see some certificates but not the one listed below with its CN value.. I have most of the certificates under "Trusted Root Certificates" but not the one under "Personal" folder... It is the certificate listed below in the personal folder I need with its common name listed in clear text in its description... Thanks, Dom

Thanks Stuart, Yes on the certificate, or with the SSLCerts it appears in the subject line but it never shows up in the Alert ... I nee the CN to appear in the Description of the Alert which is not the case for now Device: SOPRDSCIRIUS1 Time: 2020-06-15 19:20 (67 h 30 m) ID: DS1475028 Alert Message: LMD20268926 error - SOPRDSCIRIUS1 SSL Certificate Expiration443 Days ID: LMD20268926 The SSL Certificate on SOPRDSCIRIUS1, port 443 , is going to expire in 7.0 days. Datasource: SSL Certificate Expiration Instance: SSLCerts-443 Datapoint: Days Effective Thresholds: <= 28 7 2 Escalation Chain: NoEscalation Alert Rule: Error Instance Description: Value: 5.0 Group: Irvine-SDC , SDC , TEST , Windows Servers Full Path: Data Center/Irvine-SDC IT Ops Systems Management Group/Production/SDC IT Ops Systems Management Group/TEST Devices by Type/Windows Servers Thanks, Dom

Thanks Stuart but apparently I do not get the "common name" is it buried somewhere else than ##--------------- Discovery ------------------## $readOnly = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly" $localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine" $store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine ) $store.Open( $readOnly ) $store.Certificates ` | Select-Object {$_.Thumbprint + "##" + $_.Thumbprint + "##" + $_.Subject + $_.CommonName} ` | Format-Table -HideTableHeaders ##--------------------------------------------## $ !SSLCerts 10.32.156.78 443 Total received certs: 2 No.1 certificate CN : CN=soprdscirius1.ad.xxxxxx.yyyy.zzz, OU=X Information Technology Services (MITS), O="Local, Los Angeles", STREET=757 Ww Plaza, L=Los Angeles, ST=CA, OID.2.5.4.17=90095, C=US Issued At : Fri Jun 23 17:00:00 PDT 2017 Expire At : Tue Jun 23 16:59:59 PDT 2020 Valid for : 5 days No.2 certificate CN : CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US Issued At : Sun Oct 05 17:00:00 PDT 2014 Expire At : Sat Oct 05 16:59:59 PDT 2024 Valid for : 1570 days Thank, Dom

Thanks Stuart, The source of the question I am trying to resolve is coming from the datasource called "SSLCerts-" (displayname="SSL Certificate Expiration") which is incomplete and missing data (missing the "Common Name") for our team to be able to use it. The DS "_SSL_Certificates" has been created to try to collect the information needed like the “common name”. I used this one as it seems simpler to use and update than “SSLCerts”, I might be wrong, let me know. So the SSLCerts- DS is fine as is and for testing I didn’t want to touch it…. As it is already active in Production even if it is incomplete so far. I am writing _SSL_Certificates as a replacement for SSLCerts- or as addition to it to provide more information I will check for this error I did not see thanks for pointing it out the one causing the "No Data" error on collection. The output is not enough for our technician as they need the common name to be able to renew the certificate this is a company requirement I need the Common Name to be displayed as well as the Days before expiration both fields needs to there. If it is possible to add the “Common Name” to the DS “SSLCerts-“ directly it is fine with me but I could not get it, it is why I went to the “_SSL_Certificates” which looks like will be able to display the “Common Name” and then I will adjust it to get the expiration date as well. Thanks, Dom

Hello, I want to see the common name in the alert description but for now it is not displayed anywhere... Thanks, Dom

1. yes the alarm are coming from the SSL Certificate Expiration 2. No I did not see the common name anywhere in the current Datasource it is why I was creating a new one with the script in this thread.

Hello, I am using the two script from Cole McDonald: On 8/22/2019 at 9:11 AM, Cole McDonald said: I've lightened the load slightly on the winCertCheck (which is technically no longer the same DS as I've replaced the entirety of the scripts with simplified .NET based powershell scripts to avoid using invoke-command which tends to lead to some resource constraint issues. This should help though, will keep the same instances alive from the old code as the output is identical to the previous version by @Jonathan Arnold: ##--------------- Discovery ------------------## $readOnly = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly" $localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine" $store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine ) $store.Open( $readOnly ) $store.Certificates ` | Select-Object {$_.Thumbprint + "##" + $_.Thumbprint + "##" + $_.Subject + $_.CommonName} ` | Format-Table -HideTableHeaders ##--------------------------------------------## ##-------------- Counters --------------------## $readOnly = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly" $localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine" $store = new-object System.Security.Cryptography.X509Certificates.X509Store( "\\##SYSTEM.SYSNAME##\root", $localMachine ) $store.Open( $readOnly ) $store.Certificates ` | Where-Object {($_.Thumbprint -like "##WILDVALUE##")} ` | Select-Object @{ Name = "DaysUntilExpire" Expression = {((Get-Date -Date $_.NotAfter) - (Get-Date)).Days} } ` | Format-List ##--------------------------------------------## (please note the line continuations to help readability of the code) As always, neither I nor Beyond Impact warranty this code. It's working in our environment, I can't guarantee it'll work in yours. This doesn't account for anything that needs credentials other than what the collector uses. ========================================================================================================================== But when testing them on a current alert I could not get the correct common name displayed... and I do not see the certificate listed in the alert in the list of certificates produced by the script... I might have missed something!!! Thanks, Dom

Thanks I created a DataSource with the code above and I am testing now... Thanks Again Dom

Hello, Where is the "winCertCheck"? I do not see it in our environment. Is it a standard DS ? Should it be imported from somewhere? I would like to get the certificate "CommonName" displayed in the description of the Alert for SSL Expiration. Thanks, Dom