|
|
 
20 |
Update March 20, 2012 - Version 1.0.1.20 now available for download.
Over 2500 downloads of previous versions.
Compatible with OpsMgr 2007 R2 and OpsMgr 2012
PKI Certificates serve to protect web sites by enabling SSL, secure cross-server communication and see many other uses.
The PKI Certificate Verification MP discovers PKI Certificates and Certificate Revocation Lists inside computers' local certificate stores. It helps preventing service interruptions caused by invalid certificates by alerting when:
- a certificate’s lifetime is about to expire
- a certificate’s lifetime has ended
- a certificate has become invalid because of a different reason
- a CRL has not been updated in a timely manner
The MP conatins a full set of inventory reports to help you audit certificates. The included guide contains detailed instructions on how to configure the MP. Click the Download button at bottom to download the management pack.
The PKI Certificate Verification MP was a jointly developed by Raphael Burri, Pete Zerger and Jaime Correia, specifically for release on the SystemCenterCentral.com site. Look out for a multi part article series on MP authoring using the Authoring Console by the same authors. The series uses the PKI Certificate Verification MP as a sample to explain the concepts and procedures of writing a Management Pack. Part 1 is available on the site at the link below
MP Creation Zen: Part 1 - Concepts and Application Modeling
Change History
Please read the release notes carefully before attempting an upgrade of any previously released version.
Changes between 1.0.1.15 (March 2011) and 1.0.1.20 (March 2012)
- Corrected a discovery bug that would hit when a server's locale was non-US and CA certificates were found in the store.
- Fixed some spelling issues in display strings
- Verified OpsMgr 2012 compatibility
Changes between 1.0.0.288 (released Jun 17, 2010) and 1.0.1.15
- Improved discovery of Issued to and Issued by properties: Will use Subject Alternative Name if certificate doesn’t have a subject and will correctly extract the subject if CN= isn’t encountered on the first line of the subject string.
- Additional certificate property: CA Version (based on extension szOID_CERTSRV_CA_VERSION). If this property holds a value, that certificate is a Windows CA one.
- Does no longer discover superseded CA certificates. Evaluation is based on the CA Version property. Additional override to change that behavior if required.
- Monitors will not mark superseded CA certificates as expired if their discovery is enabled.
- Expose script timeout as an overidable parameter
- Changed alert priority to ‘Low’.
- Broke upgrade path to avoid potential agent stale issues when upgrading from V 1.0.0.280 or earlier.
Changes between 1.0.0.280 (released April 19, 2010) and 1.0.0.280
- Much more relaxed script timing
- cook down safe timing override option
- public certificate store data source (to add custom certificate stores)
- better compatibility with legacy Operation Systems (2000 & 2003)
- introduces a Release Notes document; which is a must read for updates from any previous release to 1.0.0.288!
Only registered users may download. Registration is free.