If you are responsible for a website you know how important it is to monitor that your SSL Certificates do not expire.
With exMon are able to get automatic notifications if your certifications need to be renewed.
- Create a new Query in exMon and select the PowerShell data provider
- Paste the following snippet into the query window
$minCertAge = 30 # days $sites = @( "https://expectus.is/", "https://exmon.com/", "https://yourdomainshere.com/" ) $timeoutMs = 10000 # Disable certificate validation [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} # Create the result DataTable $exMonResult= New-Object system.Data.DataTable # Create column definition $hostname = New-Object system.Data.DataColumn hostname,([string]) $exMonResult.columns.add($hostname) $expirationDate = New-Object system.Data.DataColumn expirationDate,([datetime]) $exMonResult.columns.add($expirationDate) $expirationDays = New-Object system.Data.DataColumn expirationDays,([int]) $exMonResult.columns.add($expirationDays) $certName = New-Object system.Data.DataColumn certName,([string]) $exMonResult.columns.add($certName) $certEffectiveDate = New-Object system.Data.DataColumn certEffectiveDate,([datetime]) $exMonResult.columns.add($certEffectiveDate) $certIssuer = New-Object system.Data.DataColumn certIssuer,([string]) $exMonResult.columns.add($certIssuer) foreach ($site in $sites) { Write-Host Check $site $req = [Net.HttpWebRequest]::Create($site) $req.Timeout = $timeoutMs try { $req.GetResponse() |Out-Null } catch { Write-Host URL check error $site`: $_ -f Red } $expDate = $req.ServicePoint.Certificate.GetExpirationDateString() $certExpDate = Get-Date $expDate [int]$certExpiresIn = ($certExpDate - $(get-date)).Days $certName = $req.ServicePoint.Certificate.GetName() $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString() $certEffectiveDate = $req.ServicePoint.Certificate.GetEffectiveDateString() $certIssuer = $req.ServicePoint.Certificate.GetIssuerName() if ($certExpiresIn -gt $minCertAge) { Write-Host The $site certificate expires in $certExpiresIn days [$certExpDate] -f Green } else { Write-Host The $site certificate expires in $certExpiresIn days [$certExpDate] -f Red # Add Row $row = $exMonResult.NewRow(); $row.hostname = $site; $row.expirationDate = $expDate; $row.expirationDays = $certExpiresIn; $row.certName = $certName; $row.certEffectiveDate = $certEffectiveDate; $row.certIssuer = $certIssuer; $exMonResult.Rows.Add($row); } } $exMonResult
Replace the $sites variable with your domains and $minCertAge with your threshold.
Configure exMon to notify you when the certificates are due by enabling Exception Manager and Emails
Example output from the control: