Share via

Question about SCOM MP for MS Certificates Monitoring

AdamMohamed-3032 61 Reputation points
2025-01-15T12:23:29.7166667+00:00

Hello All,

I need a clarification about below Microsoft certificate MP.

https://www.microsoft.com/en-us/download/details.aspx?id=104858

Question is :

  1. I want to monitor the certs for certain period like ...want to monitor only 2025 certificates 2024 to 2025 certs only. is this possible or there is any overrides available ? Please advise.
  2. I can see inly expired certificates triggered as an critical alert and about to expire certs are triggering warning alerts. So my expectation is I want about to expire certificates to be triggered as an critical alerts. say for an example .. if a cert tat is going to expire in 20 days I need that to be in critical alert. I knew that we can change the threshold for warning and critical alerts. In the below pic I see 15 days is set for critical alert for expiring cert. So will trigger an critical alert on 15th day ? please clarify ....

Thanks,

Adam

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,521 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SChalakov 10,491 Reputation points MVP
    2025-01-15T16:16:28.9133333+00:00

    Hi Adam,

    to your first question:

    "I want to monitor the certs for certain period like ...want to monitor only 2025 certificates 2024 to 2025 certs only. is this possible or there is any overrides available ? Please advise."

    The MP has many discoveries, which you can override, but non of them offer the possibility to override the issue or expiry date of the certificates you discover.You can use other certificate properties, which are overridable at the discovery level (page 13 from the Management Pack Guide).

    To the second part:

    This is doable, you simply need to override the respective monitors for that: "Certificate Expiry Monitor" Unfortunately there is no screenshot attached to this thread, but overriding this monitor should be a pretty simple task.

    I hope this information helps you out. If not, you can always try the PKI Validation MP from Raphael Buri, I personally find it very useful and easy to work with:

    PKI Certificate Verification MP

    It comes with a detailed guide and also pre-defined, quick start override MP (.xml)

    I hope this can help you out!

    Regards,

    Stoyan

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.