rafabu / SCOM-PKICertificateMP

This is for SCOM - System Center Operations Manager: The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers’ local certificate stores. It helps preventing service interruptions caused by invalid certificates by alerting when
GNU Lesser General Public License v3.0
20 stars 11 forks source link

Filter for Exclude Issuer: MS-Organization- certs, does not filter out cert invalid/cert lifespan #30

Closed cjramseyer closed 1 year ago

cjramseyer commented 3 years ago

The personal certificate store monitor/object discovery includes certificates used/issued by Intune + Azure AD. These certificates are only valid for one day and do not have traditional intermediate and root certificates.

The exclusion on the discovery for the personal certificate store filters out some but not all certificates. These certificates do not need to be monitored, and there is no exclusion overrides for cert validity (to filter certs that validity is not important) or cert lifespan, to also filter certs whose lifespan is not important.

Can this please be updated? This MP would be great to use in our production environment, but cannot move beyond development with these issues.

mathieudesjardins commented 3 years ago

This is really a thing that we are facing right now. The view is populated with those kind of certificate and we would like to filter them out. Maybe a possible override to filter out a string of text of some sort? Would be greatly appreciated.

cjramseyer commented 1 year ago

This is clearly not going to have anything done for this. It is unfortunate, but the use of this was eliminated due to this issue

cjramseyer commented 1 year ago

this never got any responses