If you are responsible for a website you know how important it is to monitor that your SSL Certificates do not expire.

With exMon are able to get automatic notifications if your certifications need to be renewed.


  1. Create a new Query in exMon and select the PowerShell data provider
  2. Paste the following snippet into the query window
  3. $minCertAge = 30 # days
    $sites = @(
        "https://expectus.is/",
        "https://exmon.com/",
        "https://yourdomainshere.com/"    
    )
    
    
    
    $timeoutMs = 10000
    
    # Disable certificate validation
    [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    
    # Create the result DataTable
    $exMonResult= New-Object system.Data.DataTable
    # Create column definition
    $hostname = New-Object system.Data.DataColumn hostname,([string])
    $exMonResult.columns.add($hostname)
    $expirationDate = New-Object system.Data.DataColumn expirationDate,([datetime])
    $exMonResult.columns.add($expirationDate)
    $expirationDays = New-Object system.Data.DataColumn expirationDays,([int])
    $exMonResult.columns.add($expirationDays)
    $certName = New-Object system.Data.DataColumn certName,([string])
    $exMonResult.columns.add($certName)
    $certEffectiveDate = New-Object system.Data.DataColumn certEffectiveDate,([datetime])
    $exMonResult.columns.add($certEffectiveDate)
    $certIssuer = New-Object system.Data.DataColumn certIssuer,([string])
    $exMonResult.columns.add($certIssuer)
    
    foreach ($site in $sites)
    {
        Write-Host Check $site
        $req = [Net.HttpWebRequest]::Create($site)
        $req.Timeout = $timeoutMs
        
        try {
            $req.GetResponse() |Out-Null
        } catch {
            Write-Host URL check error $site`: $_ -f Red
        }
        
        $expDate = $req.ServicePoint.Certificate.GetExpirationDateString()
            
        $certExpDate = Get-Date $expDate
        [int]$certExpiresIn = ($certExpDate - $(get-date)).Days
        
        $certName = $req.ServicePoint.Certificate.GetName()
        $certThumbprint = $req.ServicePoint.Certificate.GetCertHashString()
        $certEffectiveDate = $req.ServicePoint.Certificate.GetEffectiveDateString()
        $certIssuer = $req.ServicePoint.Certificate.GetIssuerName()
        
        
        
        
        
        if ($certExpiresIn -gt $minCertAge)
        {
            Write-Host The $site certificate expires in $certExpiresIn days [$certExpDate] -f Green
        }
        else
        {
            Write-Host The $site certificate expires in $certExpiresIn days [$certExpDate] -f Red
        
        # Add Row
        $row = $exMonResult.NewRow();
        $row.hostname = $site;
        $row.expirationDate = $expDate;
        $row.expirationDays = $certExpiresIn;
        $row.certName = $certName;
        $row.certEffectiveDate = $certEffectiveDate;
        $row.certIssuer = $certIssuer;
            $exMonResult.Rows.Add($row);    
        }
        
    }
    
    $exMonResult


  4. Replace the $sites variable with your domains and $minCertAge with your threshold. 

  5. Configure exMon to notify you when the certificates are due by enabling Exception Manager and Emails

Example output from the control: