Trigger for Certificate Expiration

triggers

#1

Does anyone have a trigger for identifying expired SSL certificates? I want to alert when a certificate is expired on a device.


#2

Only debugged so far but this should be close…

    /* Trigger on SSL_OPEN events */

    /* Assign to SSL devices, then graph in custom network page and/or 
       alert on the custom stat as desired */ 

    if (SSL.certificate === null) { return; }

    /* Adjust this variable to only catch CN's of interest */
    var subjectsOfInterest = /(extrahop\.com|networktimeout\.com)/;

    var subject = SSL.certificate.subject;
    if (!subjectsOfInterest.test(subject)) { return; }

    /* Adjust this variable depending on how much notice is desired */
    var advanceDaysNotice = 90;
    
    /* Compute current Unix epoch time in seconds for comparison to cert expiration */
    var now = getTimestampMSec() / 1000;
    
    /* Convert time to expire into days and log a stat if we're inside the window */
    if ((SSL.certificate.notAfter - now)/86400 <= advanceDaysNotice) {
       Network.metricAddCount('expiring_ssl_open', 1);
       Network.metricAddDetailCount('expiring_ssl_open_detail', SSL.certificate.subject, 1);
    }
    
    /*
    debug("Cert: " + SSL.certificate.subject + "\nCert NA: " + SSL.certificate.notAfter + "\nNow: " + now + "\nExpires in " + ~~((SSL.certificate.notAfter - now)/86400) + " days");
    */
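
An added example, not part of the original post and not ExtraHop code: the trigger above counts already-expired and soon-to-expire certificates in the same metric and filters subjects with an unanchored regex, so this stand-alone Node.js version separates the two states and matches domains on a label boundary, using the same epoch-seconds arithmetic. The function names, the sample records and the assumption that the subject is a host name are constructed for illustration.

```javascript
// Added example: stand-alone Node.js, no ExtraHop APIs. The trigger in the
// post would supply subject, notAfter and "now"; here they are parameters.
const SECONDS_PER_DAY = 86400;

// Assumption: the subject is a host name such as "www.extrahop.com".
// Matching on a label boundary keeps "notextrahop.com" and
// "extrahop.com.example.net" out, which an unanchored regex would let in.
function subjectOfInterest(subject, domains) {
  const name = String(subject).toLowerCase().replace(/^\*\./, '');
  return domains.some((d) => name === d || name.endsWith('.' + d));
}

// Returns 'ignored', 'expired', 'expiring' or 'ok'.
// notAfterSec and nowSec are Unix epoch seconds, as in the trigger.
function classifyCert(subject, notAfterSec, nowSec, opts) {
  if (!subjectOfInterest(subject, opts.domains)) return 'ignored';
  if (!Number.isFinite(notAfterSec)) return 'ignored'; // no usable expiry
  const daysLeft = (notAfterSec - nowSec) / SECONDS_PER_DAY;
  if (daysLeft <= 0) return 'expired';
  if (daysLeft <= opts.advanceDaysNotice) return 'expiring';
  return 'ok';
}

// Tally per state and per subject, the shape the trigger records with
// a count metric plus a detail metric keyed by subject.
function summarize(certs, nowSec, opts) {
  const counts = { expired: 0, expiring: 0, ok: 0, ignored: 0 };
  const detail = { expired: {}, expiring: {} };
  for (const c of certs) {
    const state = classifyCert(c.subject, c.notAfter, nowSec, opts);
    counts[state] += 1;
    if (state in detail) {
      detail[state][c.subject] = (detail[state][c.subject] || 0) + 1;
    }
  }
  return { counts, detail };
}

// Constructed sample data; NOW is a fixed clock so results are repeatable.
const NOW = 1700000000;
const OPTS = { domains: ['extrahop.com', 'networktimeout.com'], advanceDaysNotice: 90 };
const SAMPLE = [
  { subject: 'www.extrahop.com', notAfter: NOW - 3 * SECONDS_PER_DAY },
  { subject: 'mail.networktimeout.com', notAfter: NOW + 30 * SECONDS_PER_DAY },
  { subject: '*.extrahop.com', notAfter: NOW + 400 * SECONDS_PER_DAY },
  { subject: 'extrahop.com.example.net', notAfter: NOW - SECONDS_PER_DAY },
];
console.log(JSON.stringify(summarize(SAMPLE, NOW, OPTS), null, 2));
```

In a trigger, the 'expired' and 'expiring' results would each feed their own count and detail metric, so an alert can fire on expired certificates alone.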

#3

Hello,

I’m checking to see if you were able to get this working for you?

I have a similar need and need to send out a regular report of expiring certs.

Thanks,

🙂


#4

Hi,

There is a bundle at https://www.extrahop.com/community/bundles/gumby/expiring-ssl-certificates/ that you can tweak and apply to your environment to look for expired and expiring certs. Enjoy!


#5

If you have feedback on the bundle, you can post it here: Expiring SSL Certificates

You’re also welcome to post your own bundles here: https://www.extrahop.com/community/bundles/

☺️