Someone on the PRTG KB asked for a single sensor that monitors multiple URLs for certificate expiration, so I came up with the following script, which is posted on the PRTG KB as well. The PowerShell script I modified was provided there; it was mentioned that it came from Stack Overflow, and I found it at this link: https://stackoverflow.com/questions/28386579/modifying-ssl-cert-check-powershell-script-to-loop-through-multiple-sites
The result would look like this:
```xml
<PRTG>
  <result>
    <channel>google.com</channel>
    <value>66</value>
    <CustomUnit>days</CustomUnit>
    <LimitMinWarning>30</LimitMinWarning>
    <LimitMinError>5</LimitMinError>
  </result>
  <result>
    <channel>aol.com</channel>
    <value>143</value>
    <CustomUnit>days</CustomUnit>
    <LimitMinWarning>30</LimitMinWarning>
    <LimitMinError>5</LimitMinError>
  </result>
  <result>
    <channel>yahoo.com</channel>
    <value>96</value>
    <CustomUnit>days</CustomUnit>
    <LimitMinWarning>30</LimitMinWarning>
    <LimitMinError>5</LimitMinError>
  </result>
  <result>
    <channel>espn.com</channel>
    <value>-999</value>
    <CustomUnit>days</CustomUnit>
    <LimitMinWarning>30</LimitMinWarning>
    <LimitMinError>5</LimitMinError>
  </result>
  <text>Not reached pages: espn.com</text>
</PRTG>
```
To make it more usable, you can pass parameters from PRTG like this:

```powershell
@("domain.com","domain2.com","domain3.com")
```

Or like this to set the limits as well (warning at 60, error at 10). You could name the parameters, but passing them by position should work as well:

```powershell
@("domain.com","domain2.com","domain3.com") 60 10
```
And here is the modified script:
```powershell
param(
    $WebsiteURLs = @("google.com","aol.com","yahoo.com","espn.com"),
    $LimitMinDaysWarning = 30,
    $LimitMinDaysError = 5
)

$WebsitePort = 443
# $Threshold, $Severe, $ID, $CN and $MyFontColor are not used in the PRTG output
$Threshold = 120
$Severe = 30
$ID = 0
$XML = "<PRTG>"
$TextError = ""

foreach ($WebsiteURL in $WebsiteURLs) {
    $CommonName = $WebsiteURL
    $ID += 1
    Try {
        $Conn = New-Object System.Net.Sockets.TcpClient($WebsiteURL, $WebsitePort)
        Try {
            # The validation callback accepts every certificate, so the expiry date can be
            # read even when the chain or host name is invalid. The channel value is
            # therefore "days until expiry", not proof that the certificate is trusted.
            $Stream = New-Object System.Net.Security.SslStream($Conn.GetStream(), $false, {
                param($sender, $certificate, $chain, $sslPolicyErrors)
                return $true
            })
            $Stream.AuthenticateAsClient($CommonName)

            $Cert = $Stream.RemoteCertificate
            $CN = (($Cert.Subject -split "=")[1] -split ",")[0]
            $ValidTo = [datetime]::Parse($Cert.GetExpirationDateString())

            # Whole days left until the certificate expires (negative once expired)
            $ValidDays = $($ValidTo - [datetime]::Now).Days
            $MyFontColor = "darkgreen"
            if ($ValidDays -lt $Threshold) {
                $MyFontColor = "darkyellow"
            }
            if ($ValidDays -lt $Severe) {
                $MyFontColor = "red"
            }
            $XML += "<result><channel>$WebsiteURL</channel><value>$ValidDays</value><CustomUnit>days</CustomUnit><LimitMinWarning>$LimitMinDaysWarning</LimitMinWarning><LimitMinError>$LimitMinDaysError</LimitMinError></result>"
        }
        Catch {
            Throw $_
        }
        Finally {
            $Conn.Close()
        }
    }
    Catch {
        # Connection or TLS handshake failed: report -999 and list the host in the sensor message
        $XML += "<result><channel>$WebsiteURL</channel><value>-999</value><CustomUnit>days</CustomUnit><LimitMinWarning>$LimitMinDaysWarning</LimitMinWarning><LimitMinError>$LimitMinDaysError</LimitMinError></result>"
        If ($TextError.Length -gt 0) {
            $TextError += " / "
        }
        $TextError += "$WebsiteURL"
    }
}

If ($TextError.Length -gt 0) {
    $XML += "<text>Not reached pages: $TextError</text>"
}
$XML += "</PRTG>"

# Just to make it clean XML code...
Function WriteXmlToScreen ([xml]$xml) {
    $StringWriter = New-Object System.IO.StringWriter
    $XmlWriter = New-Object System.Xml.XmlTextWriter $StringWriter
    $XmlWriter.Formatting = "indented"
    $xml.WriteTo($XmlWriter)
    $XmlWriter.Flush()
    $StringWriter.Flush()
    Write-Output $StringWriter.ToString()
}

WriteXmlToScreen "$XML"
```
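The script accepts every certificate (the validation callback always returns `$true`), so a channel shows remaining days even when the chain or host name does not validate. As an added example, not part of the original script: a variant that keeps the `SslPolicyErrors` value and reports validation failures in an extra channel. The function names, the channel name and the sample data are assumptions; `LimitMode` and `LimitMaxError` are standard PRTG custom-sensor tags.

```powershell
# Added example: function names are hypothetical, sample data is constructed.
function Get-TlsCertInfo {
    param([string]$HostName, [int]$Port = 443)
    $script:PolicyErrors = [System.Net.Security.SslPolicyErrors]::None
    $conn = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Still accept every certificate so the expiry can be read, but keep what validation reported
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $certificate, $chain, $policyErrors)
            $script:PolicyErrors = $policyErrors
            return $true
        }
        $stream = New-Object System.Net.Security.SslStream($conn.GetStream(), $false, $callback)
        $stream.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($stream.RemoteCertificate)
        [pscustomobject]@{
            Name         = $HostName
            Days         = ($cert.NotAfter - (Get-Date)).Days
            PolicyErrors = $script:PolicyErrors
        }
    }
    finally { $conn.Close() }
}

function ConvertTo-PrtgXml {
    param([object[]]$Results, [int]$Warn = 30, [int]$Err = 5)
    $xml = '<PRTG>'
    $failed = @()
    foreach ($r in $Results) {
        $name = [System.Security.SecurityElement]::Escape($r.Name)
        $xml += "<result><channel>$name</channel><value>$($r.Days)</value><CustomUnit>days</CustomUnit>" +
                "<LimitMinWarning>$Warn</LimitMinWarning><LimitMinError>$Err</LimitMinError><LimitMode>1</LimitMode></result>"
        if ([int]$r.PolicyErrors -ne 0) { $failed += "$($r.Name): $($r.PolicyErrors)" }
    }
    # Extra channel: number of hosts whose certificate failed validation; any value above 0 is an error.
    $xml += "<result><channel>Validation failures</channel><value>$($failed.Count)</value>" +
            "<LimitMaxError>0</LimitMaxError><LimitMode>1</LimitMode></result>"
    if ($failed.Count -gt 0) { $xml += '<text>' + [System.Security.SecurityElement]::Escape($failed -join ' / ') + '</text>' }
    $xml + '</PRTG>'
}

# Constructed results so the XML builder runs offline; for live data use:
#   $results = $WebsiteURLs | ForEach-Object { Get-TlsCertInfo $_ }
$E = [System.Net.Security.SslPolicyErrors]
$sample = @(
    [pscustomobject]@{ Name = 'ok.example';         Days = 66;  PolicyErrors = $E::None },
    [pscustomobject]@{ Name = 'selfsigned.example'; Days = 300; PolicyErrors = $E::RemoteCertificateChainErrors }
)
ConvertTo-PrtgXml -Results $sample
```

With the constructed sample, `selfsigned.example` still shows 300 days in its own channel, while the "Validation failures" channel reads 1 and the sensor message names the host and the policy error.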