Monitor Website SSL Certificate Expiration

Created by: Gunnar Steinn Magnússon

If you are responsible for a website, you know how important it is to monitor that your SSL Certificates do not expire. With exMon, you are able to receive automatic notifications if your certifications need to be renewed.

  1. Create a new Query in exMon and select the PowerShell data provider
  2. If you do not know how to do this, read the Query Walkthrough
  3. Paste the following snippet into the query window
$minCertAge = 30 # days
$sites = @(
    "https://expectus.is/",
    "https://exmon.com/",
    "https://yourdomainshere.com/"    
)



$timeoutMs = 10000

# Disable certificate validation
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Create the result DataTable
$exMonResult= New-Object system.Data.DataTable
# Create column definition
$hostname = New-Object system.Data.DataColumn hostname,([string])
$exMonResult.columns.add($hostname)
$expirationDate = New-Object system.Data.DataColumn expirationDate,([datetime])
$exMonResult.columns.add($expirationDate)
$expirationDays = New-Object system.Data.DataColumn expirationDays,([int])
$exMonResult.columns.add($expirationDays)
$certName = New-Object system.Data.DataColumn certName,([string])
$exMonResult.columns.add($certName)
$certEffectiveDate = New-Object system.Data.DataColumn certEffectiveDate,([datetime])
$exMonResult.columns.add($certEffectiveDate)
$certIssuer = New-Object system.Data.DataColumn certIssuer,([string])
$exMonResult.columns.add($certIssuer)

foreach ($site in $sites)
{
    Write-Host Check $site
    $req = [Net.HttpWebRequest]::Create($site)
    $req.Timeout = $timeoutMs
    
    try {
        $req.GetResponse() |Out-Null
    } catch {
        Write-Host URL check error $site`: $_ -f Red
    }
    
    $expDate = $req.ServicePoint.Certificate.GetExpirationDateString()
        
    $certExpDate = Get-Date $expDate
    [int]$certExpiresIn = ($certExpDate - $(get-date)).Days
    
    $certName = $req.ServicePoint.Certificate.GetName()
    $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString()
    $certEffectiveDate = $req.ServicePoint.Certificate.GetEffectiveDateString()
    $certIssuer = $req.ServicePoint.Certificate.GetIssuerName()
    
    
    
    
    
    if ($certExpiresIn -gt $minCertAge)
    {
        Write-Host The $site certificate expires in $certExpiresIn days [$certExpDate] -f Green
    }
    else
    {
        Write-Host The $site certificate expires in $certExpiresIn days [$certExpDate] -f Red
    
    # Add Row
    $row = $exMonResult.NewRow();
    $row.hostname = $site;
    $row.expirationDate = $expDate;
    $row.expirationDays = $certExpiresIn;
    $row.certName = $certName;
    $row.certEffectiveDate = $certEffectiveDate;
    $row.certIssuer = $certIssuer;
        $exMonResult.Rows.Add($row);    
    }
    
}

$exMonResult

Customise the query for your environment

  1. Replace the $sites variable with your domains and $minCertAge with your threshold.
  2. Configure exMon to notify you when the certificates are due by enabling Exception Manager and Emails

Example output from the control:

Note: If you require assistance, please create a support ticket

Gunnar is the author of this solution article.