Skip to content

Latest commit

 

History

History

SSL certificates

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
check_ssl_certs.ps1
check_ssl_certs.ps1
 
 
check_ssl_certs_urls_list.txt
check_ssl_certs_urls_list.txt
 
 

README.md

Script to monitor dates of HTTPS certificates.

The script sends dates of HTTPS certificates to Zabbix.

Script lists all urls from text file, and automatically makes all items on Zabbix server through API. You don't have to make them manually.

This solution based on Microsoft Powershell which embedded in Windows.

History

There are a bunch of similar solutions for Zabbix, but they are all for Linux environment. This one is based on Windows.

And now on 6.0 Zabbix can monitor certificates natively. Though, I didn't test that.

Installation:

  1. Copy files check_ssl_certs.ps1, check_ssl_certs_urls_list.txt, functions_zabbix.ps1 to any folder on any server (its host must be exist in zabbix). And don't forget functions_zabbix.ps1

  2. Edit check_ssl_certs_urls_list.txt and write there all needed urls for monitoring

  3. Run script check_ssl_certs.ps1 and check for errors.

    • Login to server
    • Run Powershell ISE
    • Open check_ssl_certs.ps1
    • Edit first line of script with $zabbix_server_url variable. Save script.
    • Tailor function Zabbix-GetProxyByHostname for your infrastructure and naming conventions.
    • Set $user and $password variables in command line (they are case-sensitive!). They only need in setup run, do not add them to script for security reasons.
    • Run check_ssl_certs.ps1
    • Check for errors
    • Script will list all HTTPS urls from text file and add appropriate keys in zabbix (via Zabbix API)

  4. Add script to Windows task scheduler:
    "Create Task.."

    • In General tab:
      Name: enter any task name as you wish. For instance: "HTTPS certificates monitoring"

    "When running the task, use the following user account:"
    Enter some account. You don't have to enter account with Admin rights here
    DO NOT set checkbox "Do not store password"
    I suppose NT AUTHORITY/SYSTEM will work fine

    • "Run whether user is logged on or not"

    • Configure for: set latest version

    • In Triggers tab:
      "New..."

      Begin task: On a schedule (default)
      Daily
      Recur every 1 days
      Stop task if it runs longer than: 30 minutes (this is optional parameter, just in case)
      Enabled (default)

    • In Actions tab:
      "New..."

      Action: Start a program
      Program/script: Powershell.exe
      (or: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe)
      Add arguments (optional): -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "c:\zabbix\scripts\check_ssl_certs.ps1" -Mode "Scheduler"
      (edit path to script here. And this is NOT optional :-) )

    • In Settings tab:
      Stop the task if it runs longer than: 1 hour (this is optional parameter, just in case)

    After clicking OK don't forget to enter (correct!) password to account, if you didn't enter SYSTEM account.

  5. Run created task and see that status changed to Ready and Last Run Result is (0x0)

  6. Check that zabbix server correctly receives data (see Latest data, Hosts: your host, Name: Cert)