View Message

Title

Message

Confirm

<< Discussions<< NewsReply

Checking Website Certificate Expiry Dates with CheckCentral

If you have websites that you're in charge of maintaining the SSL certificates for, you can monitor them for expiring certificates using this PowerShell script. The script can be run from anywhere, as it connects to the public URL for the website, and it will email the results wherever you like. You can set it up to email yourself, or you can configure it to email the results to CheckCentral so that you can automate the status parsing.

    Setting Up the Check Schedule

  1. On your CheckCentral dashboard, click the "New Check" link.
  2. Give the Check a name. It can be whatever you like, for example "Website Certificate Expiry Check."
  3. Choose an existing Check Group to add this check to, or create a new one if you like, by clicking "New Group."
  4. For this guide, we'll assume that you're going to run the script every day. In order for CheckCentral to notify you when the Check is overdue (e.g. if the script didn't run as scheduled, or got hung up on its last run), you'll want to configure the "Emails are expected every" setting to "1 Day."
  5. Notice that there's nowhere to assign the time of day that the email is expected. This is because CheckCentral will automatically adjust the expected time based on when the last email arrived. If your script runs at 9am and finishes at 9:01am today, then the next email will be expected at 9:01am tomorrow. In case the script runs slightly late one day, you can configure the Check to only notify you if the email is late by more than a certain amount of time. We'll leave it at the default of 30 minutes for this example, which means that you won't get an "Overdue" notification until 9:31am tomorrow. This allows an extra 30 minutes for the script to run before any action is taken.
  6. The Description field is optional, but can be helpful for documentation purposes.
  7. The Check Information Section
    The Check Information Section

    Configuring the Matching Rules

  8. The "Matching Rules" section is where you'll tell CheckCentral which emails should be processed by this Check. By default, the Check's email address will be populated with a custom email address based on the Check name. For this example we'll change it to "demo+certexpirycheck@mycheckcentral.cc." You'll see where this gets used later in this guide.
  9. The Matching Rules Section
    The Matching Rules Section

    Configuring the Status Rules

  10. In the "Status" section, you'll set what you want the default status to be when an email matches the check, but doesn't match any of the Success/Warning/Failure rules. Generally it's best to leave this set to Failure, then specify your Success and Warning criteria. This way it's only marked as successful or warning if it matches your given rules, anything else is marked as a failure so that you get notified and can investigate further.
  11. The "Success Rules" section is where you'll set the criteria that will mark the Activity as successful. Click the "Add Success Rule" link. A successful run (no certificates expiring soon) of the script will have the word "Success" in the email Subject, so we'll set the rule to "Subject contains Success"
  12. The "Warning Rules" section is where you'll set the criteria that will mark the Activity as a warning. Click the "Add Warning Rule" link. The email notification for a the script will have the word "Warn" in the email Subject if one or more certificates are expiring soon, so well set the rule to "Subject contains Warn"
  13. The Status Rules Section
    The Status Rules Section

    Configuring Notifications

  14. In the Notifications section, you can choose how to you want to be notified about changes to the status of this Check. In this example, enabling the checkbox for "Email" will send an email when the Check status changes, to everyone on the CheckCentral Organization > Users page that has Email notifications enabled. If there are consecutive Success emails, a notification won't be sent every time, only when the status changes from Success to Warning/Failure, and back.
  15. Click the "Save Check" button to finish setting up this Check.
  16. The Notifications Section
    The Notifications Section

    Setting Up the Script

  17. Now that our Check is setup in CheckCentral, we'll need to setup the script on a machine that can run it every day. First, download the script: CheckWebsiteCertExpiry.zip, and extract it to somewhere on your computer. (e.g. C:\Scripts)
  18. Go to the new folder (e.g. C:\Scripts\CheckWebsiteCertExpiry) and edit websites.txt with the list of websites you want to check. Make sure to put one URL on each line.
  19. Open a PowerShell console and run the script to make sure it works. For example:
    .\CheckWebsiteCertExpiry.ps1 -Websites (Get-Content websites.txt) -EmailFromAddress <Email From Address> -EmailToAddress <Check Email Address from Step 7>
  20. Now refresh the Check page for the Check you created and you should see the new Activity that was sent in by the script.
  21. You're ready to setup the Windows Scheduled Task now, so that the script will run automatically every day. First, edit the parameters at the top of the "CreateScheduledTask.ps1" script and save the changes.
  22. Open an administrative PowerShell console and run .\CreateScheduledTask.ps1.
  23. If everything was successful, you should see the new Scheduled Task in the Windows Task Scheduler. Double-check that the schedule looks good, then run it and verify that a second Activity shows up in the CheckCentral Check.

As always, if you run into any trouble configuring your Checks, please feel free to contact us and we'll be glad to help out.

Feb 4, 2019 (modified 24 days ago)  • #1
Was this helpful?  Login to Vote  Login to Vote
<< Discussions<< NewsReply