Intermediate CA Store - Variable replacement not working - Cert Lifespan Alert

rafabu / SCOM-PKICertificateMP

This is for SCOM - System Center Operations Manager: The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps preventing service interruptions caused by invalid certificates by alerting when

GNU Lesser General Public License v3.0

20 stars 11 forks source link

Intermediate CA Store - Variable replacement not working - Cert Lifespan Alert #16

Open sbanyas opened 4 years ago

sbanyas commented 4 years ago

Alerts for certs in Personal Store are working with variable replacement in the alert now. However alerts for certs in Intermediate CA Store are not performing variable replacement.

CertificateLifespanIntermediateCA

CertificateLifespanPersonal

rafabu commented 4 years ago

Could you please check the discovered properties on the certificates that failed to resolve the parameters? I suspect either a timing issue (a re-discovery cycle is required to populate the "Enterprise Template" with a string value of "n/a" for non-enterprise issued certificates). After upgrading the MP, a successful discovery cycle is required. It may also take some time until new MP version is distributed to all agents. Or then something specific to said store/certificate that makes it fail.

brendiback commented 4 years ago

Hello! See same problem with only selfsigned certificates (but with all selfsigned). Checked in two scom installations. All properies were discovered and alert context shows valid data.

MichielRens commented 10 months ago

See Alert description not populating correctly for a workaround by overriding the Alert Description for the CertificateValidity and CertificateAboutToExpire monitor.