rafabu / SCOM-PKICertificateMP

This is for SCOM - System Center Operations Manager: The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps prevent service interruptions caused by invalid certificates by alerting when
GNU Lesser General Public License v3.0

Alert description not populating correctly. #19

Open Ellrock opened 4 years ago

Ellrock commented 4 years ago

Several of the alerts are populating incorrectly. When looking at the alert context tab of the Alert Properties all the details are listed as expected but the Alert Description appears as the below example without the details.

For Example:

Alert Description

The certificate {0}.

Certificate Subject: {1} Certificate Issuer: {2} Certificate Valid to: {8} Serial number: {3}

Enterprise Template: {4} Enhanced Key Usage List: {5}

Store: {6}{7}

Chain Time Details: {9}

Hopefully this will be addressed in future revisions?

Ellrock commented 4 years ago

Has this issue been reproduced and/or investigated yet? We would like to get this new version running in production, but it's on hold until this is addressed and we can ensure the appropriate details are showing in the alert description.

Thanks

asros-itr commented 4 years ago

We see the same problem. It appears to fail only for self-signed certificates.

BCornelissen commented 3 years ago

This was actually one of the main reasons for the last version upgrade we did on this pack (1.4.3.0), because it happened in a high percentage of the alerts at the time before. We did confirm in the environments we had (including a large customer of ours) that the issue was solved. However, there might be exceptions, like asros-itr seems to say, for specific kinds of certificates. We would have to test against such examples to verify. Also, we did see it in the beginning when in-place upgrading from one version of this pack to the newest version that already open alerts would not update and only new alerts would get populated correctly.

We have not been able to reproduce it in the environments we had available with the certs available. Can you let me know the current status Ellrock?

skjaerhus commented 2 years ago

We have the same issue present in our environment for a specific intermediate CA cert; "unfortunately" it's the only expiring cert we have, so can't confirm it's specific to that certificate.

MichielRens commented 1 year ago

The CertificateValidity and CertificateAboutToExpire monitors are using $Target/Property[Type="SystemCenterCentral.Utilities.Certificates.Certificate"]/TemplateName$ as an Alert Parameter (AlertParameter5) and this property can be null/not discovered (e.g. for self-signed certificates). This will break the details in the Alert Description.

Kevin Holman's article 'How to override the Alert Name and Alert Description of a Sealed Monitor' describes how to change the Alert Description for these monitors (e.g. removing the Enterprise Template parameter) and that is what I'm about to use.

A future update to this Management Pack should take care of an empty value for self-signed certificates. Update SystemCenterCentral.Utilities.Certificates.LocalScriptProbe.SelfSignedCertificate.Discovery from

    <Setting>
        <Name>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/TemplateName$</Name>
        <Value>$Data/Property[@Name='TemplateName']$</Value>
    </Setting>

to

    <Setting>
        <Name>$MPElement[Name="SystemCenterCentral.Utilities.Certificates.Certificate"]/TemplateName$</Name>
        <Value>$Data[Default='n/a']/Property[@Name='TemplateName']$</Value>
    </Setting>

MichielRens commented 1 year ago

Using Kevin Holman's article 'How to override the Alert Name and Alert Description of a Sealed Monitor' worked out well in overriding the Alert Description for the CertificateValidity and CertificateAboutToExpire monitors (using context SystemCenterCentral.Utilities.Certificates.SelfSignedCertificate to only change the Alert Description for self-signed certificates).

For those facing the same issue, please find below the override MP I've created: PKI.Certificate.Validation.AlertMessage.Overrides.zip

NOTE: $Target variables are not allowed, only $Data context from the monitor output.
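
One way to find alerts hit by the behaviour described in this thread, as an added example that is not part of the original comments or of the management pack: it flags alert descriptions that still contain `{n}` placeholders and reports which referenced alert parameters are empty. The function name is hypothetical, the sample alerts are constructed, and it is an assumption that alert objects expose `Name`, `Description` and `Parameters` the way `Get-SCOMAlert` output does.

```powershell
# Added example. Find-UnresolvedAlertDescription is a hypothetical helper name.
# Assumption: each alert object has Name, Description and Parameters properties.
function Find-UnresolvedAlertDescription {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Alert
    )
    process {
        # A description that still contains {n} tokens was never formatted.
        $tokens = @([regex]::Matches([string]$Alert.Description, '\{(\d+)\}') |
            ForEach-Object { [int]$_.Groups[1].Value } | Sort-Object -Unique)
        if ($tokens.Count -eq 0) { return }

        # Placeholder {n} maps to AlertParameter(n+1), so {4} is AlertParameter5.
        $values = @($Alert.Parameters)
        $empty = foreach ($i in $tokens) {
            if ($i -ge $values.Count -or [string]::IsNullOrWhiteSpace($values[$i])) {
                "AlertParameter$($i + 1)"
            }
        }
        [pscustomobject]@{
            Name            = $Alert.Name
            Placeholders    = $tokens -join ','
            EmptyParameters = @($empty) -join ','
        }
    }
}

# Constructed sample alerts: the first mimics a self-signed certificate whose
# TemplateName (fifth parameter) was not discovered, the second is populated.
$template = 'The certificate {0}. Certificate Subject: {1} Enterprise Template: {4}'
$sample = @(
    [pscustomobject]@{
        Name        = 'Sample alert A (constructed)'
        Description = $template
        Parameters  = @('is about to expire', 'CN=selfsigned.example', 'CN=selfsigned.example', '01AB', $null)
    }
    [pscustomobject]@{
        Name        = 'Sample alert B (constructed)'
        Description = 'The certificate is about to expire. Certificate Subject: CN=web.example Enterprise Template: WebServer'
        Parameters  = @('is about to expire', 'CN=web.example', 'CN=Issuing CA', '02CD', 'WebServer')
    }
)
$sample | Find-UnresolvedAlertDescription

# Against a management group: Get-SCOMAlert | Find-UnresolvedAlertDescription
```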