How to monitor PKI Windows Certificates expiration date



Welcome all of you.
My first post after many hours of reading this forum, which helped me a lot during Nagios implemantation…

I’m facing problem how to monitor windows self signed certificates (issued by local CA), exactly expiration dates on these certificates. We have to use here internal PKI for all DC, authentication, etc.

I have manged to use certutil command on tghe lcoal hosts and check date of certificates but how to do it via Nagios plugin???

Can anyone help ???




my solution might not be the way you’d like to do it, but in this case, I usually:

  1. find a software that run in commandline or that can dump the results in a text file
  2. write a small plug in in vbs script that will use the result from the software and determine if it’s a OK “return 0” or KO “return 2”
  3. use nrpe

(note: I don’t know anything about your specific problem, but this kind of solution may be used for almost every case :))

hope this helps