You can be notified when a remote web site certificate is about to expire using checkurl.exe from EventSentry SysAdmin Tools.
For that we are going to:
Note: This guide is focused on EventSentry 4.2 and up, but will work with older versions as well.
Download and install the EventSentry SysAdmin Tools from here (EventSentry SysAdmin Tools documentation).
Left-click the User (Embedded) menu tree under "Scripts", then click the Add button in the ribbon menu.
Creating a new User (Embedded) Script
(1) Enter the script name, check_certificate.cmd for this example. (2) Enter a description. (3) Enter the script content:
```
@ECHO off
"C:\Program Files\essysadmintools\checkurl" /lc /le /evt "CERTICATE=ERROR" /certdays 21 https://system32.eventsentry.com
```
The default installation path for EventSentry SysAdmin Tools was used for this example. Make sure to specify the correct path inside quotes if the SysAdmin Tools were installed in a different path.
This command line example will check the certificate of system32.eventsentry.com and will add an EventLog entry if the certificate expires in 21 days or less. Any number of days can be specified.
Configuring the new User (Embedded) Script
Once the User (Embedded) script is created, the next step is to create an Application Scheduler object.
(1) Right Click on System Health Package group under Packages tree, and then (2) Add Package. (3) For this example we named the package "Check MyWebsite Certificate"
Creating a new package.
(1) Right click on the new package then (2) click on add and (3) Application Scheduler.
Creating a new package.
For this example we are going to run the User (Embedded) script every day at 6 AM.
In the Add Application Schedule window, (1) select Regular Schedule, (2) select the days and time, (3) specify the filename of the script that was just created and (4) click the "Test" button to verify whether the script is working correctly. The test window will print the script result. If everything was configured correctly, the certificate expiration date for the selected website will be shown.
Creating a new package.
After creating the new package it must be assigned to a computer. (1) Right click the package, (2) click assign and (3) select the host where the script should be executed. In this example the local host where the management console is running is selected, but the script can be executed from any host as long as all dependencies (e.g. checkurl.exe) are present.
Assigning the new package.
(1) Right Click on Event Logs under Package tree and (2) click Add Package. (3) For this example we named the package Alert Certificate. (4) Right click on the just created package (5) and click on Add Filter.
Creating Event Log Package.
(1) For this example we named the filter Alert Certificate Expiration. (2) Select the Actions (in this example email is used, but other action types can be triggered, for example a Telegram message).
Filter Configuration:
Log: Application
Event Severity: Warning
Filter Settings: Include
Details - Event Source: ESAdminTools
Details - Category: CheckURL
Details - EventID: 1004
Note: ESAdminTools may not exist in the drop-down list at the Event Source selection. You can enter the name manually or copy and paste it from this guide.
Creating Event Log Filter.
Assign the package to the same host where the Application schedule was assigned. (1) Right click on the just created Event Log Package, (2) click assign and (3) select the host's checkbox.
Assigning the Event Log Package
From the top menu, (1) click home (2) and the save icon.
If everything was correctly configured an alert will be triggered when the certificate expires sooner than the specified number of days.
Email Alert Example.
Notification can be tested by just running CheckURL.exe from the command line but with a higher number of days, for example:
```
"C:\Program Files\essysadmintools\checkurl" /lc /le /evt "CERTICATE=ERROR" /certdays 61 https://system32.eventsentry.com
```
Running that command manually on the host machine, if the certificate is expiring in fewer than 61 days, will generate the EventLog event that triggers the email notification.
Event Log message on expiring certificate
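To cross-check the whole chain from PowerShell on the host where both packages are assigned, the following added example (not part of EventSentry or its SysAdmin Tools) reads the site's certificate directly and looks for the Application log event that the filter above matches. The function name, parameter names and the 24-hour lookback are assumptions of this example.

```powershell
# Added example, not EventSentry code. Run on the host the packages are assigned to.
param(
    [string]$HostName      = 'system32.eventsentry.com', # site from the guide's example
    [int]   $CertDays      = 21,                         # same threshold as /certdays
    [int]   $LookbackHours = 24                          # assumption: script runs daily
)

function Get-CertDaysRemaining {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate so an expired or untrusted one can still be
        # inspected; only the handshake is performed, no request is sent.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{
                Subject  = $cert.Subject
                NotAfter = $cert.NotAfter
                DaysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

$info = Get-CertDaysRemaining -HostName $HostName
# Same Log / Event Source / EventID as the filter configured in the guide.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'ESAdminTools'
    Id           = 1004
    StartTime    = (Get-Date).AddHours(-$LookbackHours)
} -ErrorAction SilentlyContinue)

$expiring = $info.DaysLeft -le $CertDays
"{0}: expires {1:yyyy-MM-dd} ({2} days left, threshold {3})" -f $HostName, $info.NotAfter, $info.DaysLeft, $CertDays
"Matching events in the last $LookbackHours h: $($events.Count)"

if ($expiring -and $events.Count -eq 0) {
    Write-Warning 'Certificate is inside the threshold but no event 1004 was logged: check the schedule, the script path and the package assignment.'
} elseif (-not $expiring -and $events.Count -gt 0) {
    Write-Warning 'Event 1004 exists although the certificate is outside the threshold: it may come from a manual test with a larger /certdays value or from another URL.'
} else {
    'Certificate state and event log agree.'
}
```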