############################################################### # # Scriptname: PRTGCustomCitrixADMCertificates.ps1 # # Autor: Urs Heeb # Date: 26.09.2022 # # Version: 2022.09.01 / 26.09.22 / Urs Heeb # Create script # 2022.09.02 / 28.09.22 / Urs Heeb # Little corrections (misspellings) # Modified connection string after rebuild PS module # # # Description: Script does following: # Connects to a Citrix ADM # Gets the information of all certificates # Warns about certificates expiring the next 30 days (can be modified) # Alerts about certificates expiring the next 7 days (can be modified) # # Requirements: # PRTG variables are needed while configuration # FQDN of the ADM %windowsdomain %windowsuser %windowspassword # PRTG service user needs read permission on Citrix ADM # PRTGCustomCitrixADM.psm1 module is needed in the same # PRTG custom sensor folder as this script # ############################################################### ### # Get parameter from PRTG param ( [string]$server, [string]$domain, [string]$username, [string]$password ) # For troubleshooting <# $server="adm.domain.pit" $username="username" $password="password" $CustomSensors="\\domain.pit\development\PRTG Custom sensors" #> # Import ADM PS module $CustomSensors="C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\" Import-Module $CustomSensors\PRTGCustomCitrixADM.psm1 # Create the ADM session $ADMHost = "https://"+$server $ADMSession = Connect-ADM -ADMHost $ADMHost -CredUser $username -CredPW $password # Prepare the output variables $ActiveCerts = $null $ActiveCerts2 = $null # Get the certificates from the ADM Invoke-ADMNitro -ADMSession $ADMSession -OperationMethod GET -ResourceType ns_ssl_certkey $ActiveCerts = Invoke-ADMNitro -ADMSession $ADMSession -OperationMethod GET -ResourceType ns_ssl_certkey # Create the variable only with the active events content $ActiveCerts2 = $ActiveCerts | Select-Object ns_ssl_certkey # For troubleshooting #$ActiveCerts2.ns_ssl_certkey | Sort-Object hostname | FT hostname, status, valid_to, subject, issuer #-AutoSize, , subjaltname # Prepare the PRTG output $Certs = $null $Certs = @() $returnState=$null $returnState=@() $returnStateOK = 0 $returnStateWarning = 1 $returnStateCritical = 2 $WarningDate = (Get-Date).AddDays(30) $AlarmDate = (Get-Date).AddDays(7) $WarningString = "Warning - a certificate within the next 8 to 30 days" $WarningLevel = "0.9" $AlertString = "ALERT - a certificate expires soon!" $AlertLevel = "0.9" $OKCount = $null $WarningCount = $null $AlarmCount = $null # Function ConvertTo-DateTime # Converts the dates from the certificates to a standardized format Function ConvertTo-DateTime([string] $datetime) { # Removes double spaces $datetime2 = $datetime -replace '\s+',' ' # Create an array and use the space as separator $arr = $datetime2 -split ' ' # Reorder and create a readable date $validdate = $arr[3] +"-"+ $arr[0] +"-"+ $arr[1] +" "+ $arr[2] # Return the value return $validdate } # Create array with all the certification information ForEach ($Cert in $ActiveCerts2.ns_ssl_certkey){ $CertSubject = ($Cert.subject -split "," | ConvertFrom-StringData).CN $CertIssuer = ($Cert.issuer -split "," | ConvertFrom-StringData).CN $CertValidTo = ConvertTo-DateTime $Cert.valid_to # For troubleshooting #Write-Host $CertValidTo $Certs += [PSCustomObject]@{Host=$Cert.hostname;Subject=$CertSubject;Status=$Cert.status;Expiredate=$CertValidTo;IssuerCA=$CertIssuer} } # For troubleshooting #$Certs | Sort-Object Expiredate | FT -AutoSize # Determine if a certificate is short before expiration ForEach ($Cert2 in $Certs) { $CertName = $Cert2.Subject $Expirationdate = [datetime]$Cert2.Expiredate If ($Expirationdate -le $AlarmDate) { $AlarmCount = $AlarmCount + 1 $RetState = $returnStateCritical $returnState += [PSCustomObject]@{Name=$CertName;State=[Int64]$RetState} } ElseIf ($Expirationdate -le $WarningDate) { $WarningCount = $WarningCount + 1 $RetState = $returnStateWarning $returnState += [PSCustomObject]@{Name=$CertName;State=[Int64]$RetState} } Else { $OKCount = $OKCount + 1 $RetState = $returnStateOK $returnState += [PSCustomObject]@{Name=$CertName;State=[Int64]$RetState} } } # For troubleshooting #$returnState # Determine return string depends on the several states If ($returnState.State -contains 2) { $RetString = $AlertString } ElseIf ($returnState.State -contains 1) { $RetString = $WarningString } Else { $RetString = "OK" } # For troubleshooting #$RetString # Start preparing XML output $retXml = "`n" $retXml += " `n" $retXml += " Certificates expires > 30 days`n" $retXml += " $OKCount`n" $retXml += " Count`n" $retXml += " 0`n" $retXml += " `n" $retXml += " `n" $retXml += " Certificates expires 8 to 30 days`n" $retXml += " $WarningCount`n" $retXml += " Count`n" $retXml += " 1`n" $retXml += " `n" $retXml += " `n" $retXml += " $WarningLevel`n" $retXml += " $WarningString`n" $retXml += " `n" $retXml += " `n" $retXml += " Certificates expires soon`n" $retXml += " $AlarmCount`n" $retXml += " Count`n" $retXml += " 1`n" $retXml += " $AlertLevel`n" $retXml += " $AlertString`n" $retXml += " `n" $retXml += " `n" $retXml += " `n" $retXml += " $RetString`n" $retXml += "`n" ### # Return info to PRTG write-host $retXml