- 6 minutes to read

Monitoring Windows Server X509 Certificates

Learn to monitor the X509 Certificates installed in the Windows Server Certificate Store using the Nodinite Windows Server Monitoring Agent. You can monitor individual certificates with global or specific thresholds.

This page describes the Monitoring of Certificate Stores. These can further be grouped by the selected Category in Nodinite, using one or more role-based Monitor Views. Nodinite monitors the state based on user-defined thresholds, either global or specific. For managing Certificates, some remote commands are available as Actions. These help you swiftly manage reported problems. The implemented Remote Actions are further detailed on this page.

X509 Certificates as Resources
Example with a list of monitored 'X509 Certificates' as resources in a Monitor View.

Monitoring Features

  • You can decide which stores to monitor. Sharing insights is very easy from within Nodinite using Monitor Views.
  • State Evaluation - Based on user-defined settings
  • Category-based monitoring - To help you sort out the different types of resources, the monitored Resources are grouped by Categories

State evaluation for X509 Certificates

Certificate Resources are displayed within Nodinite as Resources. For example, if you have 1337 certificates in the store, you will have 1337 'Certificate' related Resources in Nodinite.

  • The name of a Resource is a combination of the %User-Friendly Name% - Issued By: %Name% / Issued To: %Name%

  • The X509 'Certificate' Resource belongs to one of the following Categories:

    Category Description
    Store Manage thresholds and view all expired certificates on the selected Windows server
    Current User Manage certificates for Current User
    Local Machine Manage certificates installed on the local machine

    Categories
    List of Certificate related Categories, as a filter in a Monitor View.

  • The Application name is the Display Name from the configuration of the monitored Windows Server:
    Application naming example

Each item (presented in Nodinite as a Resource), is evaluated with a state. (OK, Warning, Error, Unavailable).

The evaluated state may be reconfigured using the Expected State feature that exists on every Resource within Nodinite.

Note

Depending on the user-defined synchronization interval set for the Windows Server Monitoring Agent, there might be a delay before Nodinite Web Client/Monitor Views reflects upon the change. Click the Sync All button (or on the dropdown for individual agent selection) to force Nodinite to request a resynchronization request.

Sync
Option to force Nodinite to request a resynchronization with the selected monitoring agent.

Monitoring X509 Certificates

For the different Certificate categories, the monitored state evaluates as described in the tables below:

Store

For the Category Store, there is a single virtual Resource per Windows Server entry named Certificate Store. This Resource can have one of the following states:

State Status Description Actions
Unavailable Service not available
  • If the server can't be reached and evaluated either due to Network or security-related problems
  • Bad configuration (invalid/non existing Source/Provider/...)
 Review prerequisites
Error Error state raised Not Implemented -
Warning Warning state raised Not implemented -
OK Online The Certificate store on the selected computer can be browsed and evaluated Edit
Expired Certificates

Store Actions

The following Remote Actions exist for the Store Category:

Store Actions
Here's an example with the List of Remote Actions for the Store Category.

Edit Certificate Store

Click the Edit action menu item to manage global thresholds.
Edit Certificate Store
Manage global expiration thresholds

Expired Certificates in store

Click the Expired Certificates action menu item to view a list of expired certificates in the different stores where monitoring is enabled Local Machine and Current User

The list of expired certificates is listed in the Local Machine tab.
Expired Certificates in the store - local machine
Review the expired certificates in the local machine store.

The list of expired certificates is listed in the Current User tab.
Expired Certificates in the store - Current User
Review the expired certificates in the current user store.

Current User

For the Category Current User, there can be many Resources named %User-Friendly Name% - Issued By: %Name% / Issued To: %Name%.

The listed Resources can have one of the following states:

State Status Description Actions
Unavailable Service not available
  • If the server can't be reached and evaluated either due to Network or security-related problems
  • Bad configuration (invalid/non existing Source/Provider/...)
 Review prerequisites
Error Error state raised
  • The Certificate is about to expire or has already expired
  • The certificate is invalid, revoked, or has other reported problems
 Edit
Details
Warning Warning state raised The Certificate is about to expire or has already expired Edit
Details
OK Online The certificate is valid and is not about to expire Edit
Details

Actions for Current User

The following Remote Actions are available for the User Category:

Current User Actions
List of action menu items for category 'Current User'.

Edit Current User

Click the Edit action menu item to manage the specific threshold for the selected certificate in the store for the current user.

Edit Certificate User
Manage specific expiration thresholds for Certificate in the selected user store.

Details Current User

Click the Details action menu item to see the details for the selected certificate in the certificate store for the current user.
Details - Current User
Review the details for the selected Certificate in the current user store.

Local Machine

For the Category Local Machine, there can be many Resources named %User-Friendly Name% - Issued By: %Name% / Issued To: %Name%. A Resource can have one of the following states:

State Status Description Actions
Unavailable Service not available
  • If the server can't be reached and evaluated either due to Network or security-related problems
  • Bad configuration (invalid/non existing Source/Provider/...)
 Review prerequisites
Error Error state raised
  • The certificate has expired or is about to expire
  • The certificate is invalid, revoked, or has other reported problems
 Edit
Details
Warning Warning state raised The certificate has expired or is about to expire Edit
Details
OK Online The certificate is valid and is not about to expire Edit
Details

Actions for Local Machine

The following Remote Actions are available for the Store Category:

Local MachineActions
Here's an example with the list of Remote Actions for the Local Machine Category.

Edit Local Machine

Click the Edit action menu item to manage the specific threshold for a selected Certificate in the store for the Local Machine.
Edit Certificate for Local Machine
Here's an example of managing expiration Monitoring thresholds.

Details Local Machine

Click the Details action menu item to see the details for the selected Certificate in the Certificate store for the Local Machine.

Details - Local Machine
Here's an example with Details for the selected Certificate in the Local Machine store.

Configuration

Use the Remote Configuration to manage the Certificate Monitoring configuration.

Next Step

Add or manage Monitor View

Windows Server Monitoring Agent
Resources
Monitoring
Monitor Views