Venafi / VenafiPS

PowerShell module to fully automate your Venafi TLS Protect Datacenter and Cloud platforms!
https://venafips.readthedocs.io/
Apache License 2.0

How to get "Status" as it appears in Aperture WebUI? #135

Closed HFS-CG closed 2 years ago

HFS-CG commented 2 years ago

How can we get the current "Status" ("In Error", "Expiring Soon", etc.) as it appears in the Aperture WebUI? Running version 4.6.3. Between `Find-VenafiCertificate` & `Get-VenafiCertificate` shows the below information, but there's no "Status"...

Cmdlet `Find-VenafiCertificate` gives the following:

```powershell
Find-VenafiCertificate -path "\VED\Policy\Devices\Mac" -Recursive -verbose 
<#
    Name       : c13as3s5oe3v
    Path       : \VED\Policy\Devices\Mac\c13as3s5oe3v
    TypeName   : X509 Server Certificate
    Guid       : e35f3060-3014-424d-9h4c-g2227e5893e7
    ParentPath : \VED\Policy\Devices\Mac
#>
```

Running Cmdlet `Get-VenafiCertificate` against the path returned gives the following:

```powershell
Get-VenafiCertificate -CertificateId $results[0].path -IncludePreviousVersions -ExcludeExpired -ExcludeRevoked

<#
Name                   : c13as3s5oe3v
TypeName               : X509 Server Certificate
Path                   : \VED\Policy\Devices\Mac\c13as3s5oe3v
Guid                   : e35f3060-3014-424d-9h4c-g2227e5893e7
ParentPath             : \VED\Policy\Devices\Mac
CreatedOn              : 7/23/2021 14:28:26
Approver               : 
                            Name     : venafijedimaster1
                            ID       : local:{4dfe843c-c310-480a-b64c-bbdff96a3c55}
                            Path     : \VED\Identity\venafijedimaster1
                            FullName : local:venafijedimaster1
                            IsGroup  : False
                            *        :

CertificateAuthorityDN : \VED\Policy\Administration\CAs\Internal\Client-Mac
CertificateDetails     : 
                            AIACAIssuerURL        : {0:http://crl.contoso.com/CertEnroll/Contoso%20IssuingCA.crt,
                                                     1:http://ocsp.contoso.com/CertEnroll/Contoso%20IssuingCA.crt}
                            AIAKeyIdentifier      : 33888138g66622c41e0401530g34203817195b33
                            C                     : US
                            CDPURI                : 0::False:http://crl.contoso.com/CertEnroll/Contoso%20IssuingCA.crl
                            CN                    : m99999999
                            EnhancedKeyUsage      : Client Authentication(1.3.6.1.5.5.7.3.2),Server Authentication(1.3.6.1.5.5.7.3.1)
                            Issuer                : CN=Contoso IssuingCA
                            KeyAlgorithm          : RSA
                            KeySize               : 4096
                            KeyUsage              : KeyEncipherment, DigitalSignature
                            L                     : Dallas
                            O                     : Contoso Inc
                            PublicKeyHash         : 755c3Fbeb5geff963g5g77e613e99eb1ffg86280
                            S                     : Texas
                            SKIKeyIdentifier      : 32178cdb4b74ff3609ebdcd5a306fg809ca7f468
                            Serial                : 110000ef599538c3c39c89632100000000cc59
                            SignatureAlgorithm    : sha512RSA
                            SignatureAlgorithmOID : 1.2.840.113549.1.1.13
                            StoreAdded            : 4/20/2022 19:39:26
                            Subject               : CN=m99999999, O=Contoso Inc, L=Dallas, S=Texas, C=US
                            SubjectAltNameDNS     : {m99999999.contoso.com}
                            TemplateMajorVersion  : 100
                            TemplateMinorVersion  : 10
                            TemplateName          : ClientMac
                            TemplateOID           : 1.3.6.1.4.1.311.21.8.6271423.15732370.14765746.5286542.12346790.92.7040823.14121555
                            Thumbprint            : 0E166D922C5A6B2DD0C7F9DA6F54A68218BE1348
                            ValidFrom             : 4/20/2022 19:29:25
                            ValidTo               : 4/20/2023 19:29:25

Contact                : 
                            Name     : venafijedimaster1
                            ID       : local:{4dfe843c-c310-480a-b64c-bbdff96a3c55}
                            Path     : \VED\Identity\venafijedimaster1
                            FullName : local:venafijedimaster1
                            IsGroup  : False
                            *        :

CreatedBy              : {Web SDK}
CustomFields           : 
                            Name Type Value
                            ---- ---- -----
                            One List {00-000}
                            Two  Text {zz87654321}

ManagedBy              : Aperture
ManagementType         : Enrollment
Origin                 : Jamf Pro
ProcessingDetails      :
RenewalDetails         : 
                            City              : Dallas
                            Country           : US
                            KeySize           : 4096
                            Organization      : Contoso Inc
                            State             : Texas
                            Subject           : m99999999
                            SubjectAltNameDNS : {m99999999.contoso.com}

ValidationDetails      : 
                            LastValidationStateUpdate : 2022-08-09T00:17:55.0000000Z
                            NetworkValidationDisabled : True
                            ValidationState           : None

#>
```

gdbarron commented 2 years ago

Status, e.g. ProcessingDetails, only appears when it's not success/ok, which is why you don't see it for all objects. I'll ask around, but not familiar with how to get the specific status shown in Aperture.

Just FYI, you can pipe the output of find to get. Your code could be `Find-VenafiCertificate -first 1 | Get-VenafiCertificate -IncludePreviousVersions -ExcludeExpired -ExcludeRevoked`

gdbarron commented 2 years ago

@HFS-CG unfortunately, there isn't an easy programmatic way of getting this out of Aperture.
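
Since the Aperture status itself is not exposed, a status can be approximated client-side from the fields that do come back (`ProcessingDetails` and `CertificateDetails.ValidTo`). The following is an added example, not part of this thread or of VenafiPS: `Get-ApproximateCertStatus`, `Test-Populated`, the status labels, the 30-day window and the sample objects are assumptions constructed for illustration, and the result is not Aperture's own status logic.

```powershell
# Added example, not VenafiPS code. Field names follow the Get-VenafiCertificate
# output shown above; labels and the 30-day default are assumptions.
function Test-Populated {
    param($Value)
    if ($null -eq $Value) { return $false }
    if ($Value -is [string]) { return $Value.Trim().Length -gt 0 }
    # An empty object is "truthy" in PowerShell, so count its properties instead.
    return @($Value.PSObject.Properties).Count -gt 0
}

function Get-ApproximateCertStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Certificate,
        [int] $ExpiringSoonDays = 30,
        [datetime] $Now = (Get-Date)
    )
    process {
        $validTo = $Certificate.CertificateDetails.ValidTo
        # ProcessingDetails is only populated when the object is not success/ok.
        $status = if (Test-Populated $Certificate.ProcessingDetails) { 'Not OK (see ProcessingDetails)' }
        elseif ($null -eq $validTo) { 'Unknown (no ValidTo)' }
        elseif ([datetime]$validTo -lt $Now) { 'Expired' }
        elseif ([datetime]$validTo -lt $Now.AddDays($ExpiringSoonDays)) { 'Expiring Soon' }
        else { 'OK' }
        [pscustomobject]@{
            Name = $Certificate.Name; Path = $Certificate.Path
            ValidTo = $validTo; Status = $status
        }
    }
}

# Constructed sample objects shaped like the output above (names other than the
# first, and the contents of ProcessingDetails, are made up for the sample).
$sample = @(
    [pscustomobject]@{ Name = 'c13as3s5oe3v'; Path = '\VED\Policy\Devices\Mac\c13as3s5oe3v'
        ProcessingDetails = $null
        CertificateDetails = [pscustomobject]@{ ValidTo = [datetime]'2023-04-20T19:29:25' } }
    [pscustomobject]@{ Name = 'sample-error'; Path = '\VED\Policy\Devices\Mac\sample-error'
        ProcessingDetails = [pscustomobject]@{ Note = 'constructed sample value' }
        CertificateDetails = [pscustomobject]@{ ValidTo = [datetime]'2024-01-01T00:00:00' } }
    [pscustomobject]@{ Name = 'sample-expired'; Path = '\VED\Policy\Devices\Mac\sample-expired'
        ProcessingDetails = $null
        CertificateDetails = [pscustomobject]@{ ValidTo = [datetime]'2022-12-31T00:00:00' } }
)
# -Now is pinned so the sample output does not depend on the day it is run.
$sample | Get-ApproximateCertStatus -Now ([datetime]'2023-04-01') | Format-Table -AutoSize
```

Against a live server the same function can sit at the end of the pipeline suggested above: `Find-VenafiCertificate -Path '\VED\Policy\Devices\Mac' -Recursive | Get-VenafiCertificate | Get-ApproximateCertStatus`.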