Iis – Send a warning when a x.509 certificate (for SSL/TLS) associated with a site in IIS is about to expire

Tags: iis, monitoring, ssl-certificate

On Red Hat derived systems, there is a tool called certwatch(1) that does this for Apache websites. Every day it checks all the certificates listed in the Apache configuration file. If the script detects that a certificate will expire soon (say, in 30 days), it sends out an email notification, so that you can renew the certificate before it expires. What I’m looking for is a tool that does the same job, except for websites hosted in IIS. How do other people out there handle this problem?

To be honest, I’d rather keep track of certificate expiration in a shared calendar system, however our business relies on Exchange. To my knowledge, there is no way with an Exchange calendar to send out a reminder on a given date to all members of a group, such that as people in the group are replaced they will automatically be added to the reminder (five years is a long time to assume that everyone originally assigned to the reminder will not have changed positions).

About our environment:

We do already have a “solution” in place fulfilling the role 😉 of a network management system, however it is not able to monitor for certificate expiration (although I have submitted it as a feature request). We do have Linux hosts at our disposal, however I would prefer not to have to set up and manage a second, complex monitoring system (if it was a simple monitor running on Linux, that would be acceptable). I do understand, however, that the simple Windows script I am looking for may not exist (yet).

Best Answer

If you have a Linux box, or you can get it to run under Windows, I have a Python script that I hacked out a while ago to check certs on various systems (it probably isn't very pythonic or pretty). I basically just call it from cron, which automatically emails me. It connects to defined systems, retrieves the certs and examines their dates. I had it checking the certs on HTTPS, IMAPS, POP3S and RDP services.

I am sure many network management systems like Nagios have extensions and check tools that could monitor this as well.
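The answer above describes a cron-driven script but does not include it, so here is an added example of the same idea (my own code, not the answerer's script and not certwatch). It uses only the Python standard library: it opens a TLS connection to each listed endpoint (an IIS site binding is just another HTTPS endpoint here, and SNI is sent so a server with several bindings on one address returns the right certificate), reads the validated peer certificate, computes the days left until `notAfter`, and builds an email for anything under a 30-day threshold, mirroring certwatch's behaviour. The hostnames, mail addresses and SMTP relay are constructed placeholders; the pure functions (`days_until_expiry`, `classify`, `build_report`, `make_notification`) work offline so the logic can be tested without a network.

```python
"""Check TLS certificate expiry on a list of endpoints and warn when fewer than
WARN_DAYS remain. Run it from cron (or Windows Task Scheduler) so its output or
the email it sends becomes the alert. Added example; hostnames are placeholders."""
import smtplib
import socket
import ssl
import time
from email.message import EmailMessage

# Constructed sample endpoint list (hypothetical hostnames).
ENDPOINTS = [
    ("www.example.com", 443),   # HTTPS, e.g. an IIS site binding
    ("mail.example.com", 993),  # IMAPS
    ("mail.example.com", 995),  # POP3S
]
WARN_DAYS = 30                          # same threshold certwatch(1) uses
MAIL_TO = "ops-team@example.com"        # assumed notification address
MAIL_FROM = "certcheck@example.com"     # assumed sender
SMTP_HOST = "smtp.example.com"          # assumed relay


def expiry_epoch(not_after):
    """Convert the notAfter string that SSLSocket.getpeercert() returns
    ("Jun  1 12:00:00 2030 GMT") to seconds since the Unix epoch."""
    return ssl.cert_time_to_seconds(not_after)


def days_until_expiry(not_after, now=None):
    """Whole days left before notAfter; negative once the cert has expired."""
    if now is None:
        now = time.time()
    return int((expiry_epoch(not_after) - now) // 86400)


def classify(cert, now=None, warn_days=WARN_DAYS):
    """Return (status, days_left) for a getpeercert() dict."""
    days = days_until_expiry(cert["notAfter"], now)
    if days < 0:
        return "EXPIRED", days
    if days < warn_days:
        return "WARNING", days
    return "OK", days


def fetch_cert(host, port, timeout=10):
    """Open a TLS connection and return the validated peer certificate dict.
    server_hostname sends SNI so the server picks the certificate for that site."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def build_report(certs, now=None, warn_days=WARN_DAYS):
    """certs: iterable of ((host, port), cert_dict). Returns (endpoint, status,
    days) tuples for every endpoint whose status is not OK."""
    problems = []
    for (host, port), cert in certs:
        status, days = classify(cert, now, warn_days)
        if status != "OK":
            problems.append((f"{host}:{port}", status, days))
    return problems


def make_notification(problems):
    """Build the warning email; returns None when there is nothing to report."""
    if not problems:
        return None
    msg = EmailMessage()
    msg["Subject"] = f"[certcheck] {len(problems)} certificate(s) need attention"
    msg["From"] = MAIL_FROM
    msg["To"] = MAIL_TO
    lines = []
    for endpoint, status, detail in problems:
        detail = f"{detail} days" if isinstance(detail, int) else detail
        lines.append(f"{endpoint}: {status} ({detail})")
    msg.set_content("\n".join(lines))
    return msg


def main():
    problems = []
    for host, port in ENDPOINTS:
        try:
            cert = fetch_cert(host, port)
        except (OSError, ssl.SSLError) as exc:
            # A failed handshake (expired or untrusted cert, port down) is an alert too.
            problems.append((f"{host}:{port}", "UNREACHABLE", str(exc)))
            continue
        problems.extend(build_report([((host, port), cert)]))
    msg = make_notification(problems)
    if msg is not None:
        print(msg)
        with smtplib.SMTP(SMTP_HOST) as smtp:
            smtp.send_message(msg)


if __name__ == "__main__":
    main()
```

One caveat for internal IIS sites: the default context verifies the chain, and a certificate from an internal CA that the checking host does not trust will fail the handshake and be reported as UNREACHABLE rather than with its expiry date. Disabling verification is not a fix, because with `verify_mode = ssl.CERT_NONE` the `getpeercert()` dict comes back empty; the right move is to install the internal CA in the checker's trust store, or to fetch the certificate with `getpeercert(binary_form=True)` and parse the DER with a library such as `cryptography`.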