question

JigneshVala-3362 asked

How to identify an SSL certificate that is about to expire, which is used in a Web Application or Service Fabric Explorer and is also stored in Key Vault

How can we identify that an SSL certificate is about to expire, when it is used in a Web Application or Service Fabric Explorer and is also stored in Key Vault?

We face an issue every year: we use an SSL certificate on the web application, and when it expires we sometimes forget to change it.

We need to first identify it through a script, PowerShell, or AZ CLI if possible, and we are planning to send an email automatically 15 days before through a web job.

We saved this certificate in Key Vault, so if we can read the data from Key Vault and identify the expiry date, that is also fine for us.

Please suggest and provide an automated script which can identify the SSL certificate expiry date early.

azure-key-vault azure-webapps-ssl-certificates dotnet-cli

@JigneshVala-3362,
Just checking in to see whether the response was helpful. If this solves your question, please don't forget to click "Accept the answer" and Up-Vote for it, which may be useful to other members of the community reading this topic. Please let us know if you have any further questions.
Thanks,


1 Answer

sikumars answered

Hello @JigneshVala-3362,

Thanks for reaching out.

To get notified about certificate life events such as expiration, you could leverage either of the out-of-the-box features below, which send certificate notifications. Alternatively, you could also leverage the PowerShell/CLI cmdlets ( Get-AzKeyVaultCertificate -VaultName <vaultname> / az keyvault certificate list --vault-name ), but you would have to build your own logic to filter dates and send notifications accordingly. These scripts also require a base platform to execute the cmdlets.

Built-in features:

  • Get notified about certificate expiration using the Certificate contacts feature, which contains contact information used to send notifications triggered by certificate lifetime events. The contact information is shared by all the certificates in the key vault. A notification is sent to all the specified contacts for an event for any certificate in the key vault.

You can add contacts using the Azure portal or the PowerShell cmdlet Add-AzKeyVaultCertificateContact. To learn more, refer to: https://docs.microsoft.com/en-us/azure/key-vault/certificates/overview-renew-certificate#get-notified-about-certificate-expiration


  • Get notified about certificate expiration with Azure Event Grid: Event Grid is an eventing service for the cloud. By following the steps in this guide, you'll subscribe to events for Key Vault and route events to Automation. When one of the secrets in the key vault is about to expire (defined as 30 days before expiration date), Event Grid is notified.

Hope this helps.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
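
One way to build the date-filtering logic the answer mentions around Get-AzKeyVaultCertificate, as an added example that is not part of the original answer. The function name Select-ExpiringCertificate, the sample certificate names and the choice to skip disabled certificates are assumptions; the 15-day window comes from the question.

```powershell
# Added example, not from the original answer. The live call at the bottom
# needs the Az.KeyVault module and a signed-in session (Connect-AzAccount).

function Select-ExpiringCertificate {
    # Filters objects that carry Name, Enabled and Expires properties, as the
    # items returned by Get-AzKeyVaultCertificate -VaultName <vaultname> do.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Certificate,
        [int] $ThresholdDays = 15,                      # window from the question
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    process {
        if (-not $Certificate.Enabled) { return }       # assumption: disabled = not in use
        if ($null -eq $Certificate.Expires) { return }  # no expiry date recorded
        $expiresUtc = ([datetime]$Certificate.Expires).ToUniversalTime()
        $daysLeft   = [math]::Floor(($expiresUtc - $Now).TotalDays)
        if ($daysLeft -le $ThresholdDays) {
            [pscustomobject]@{
                Name     = $Certificate.Name
                Expires  = $expiresUtc
                DaysLeft = $daysLeft                    # negative means already expired
            }
        }
    }
}

# Constructed sample objects standing in for Get-AzKeyVaultCertificate output,
# so the filter can be tried offline with a fixed reference date.
$now = [datetime]::new(2024, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ Name = 'web-frontend'; Enabled = $true;  Expires = $now.AddDays(10) }
    [pscustomobject]@{ Name = 'sf-explorer';  Enabled = $true;  Expires = $now.AddDays(200) }
    [pscustomobject]@{ Name = 'old-api';      Enabled = $true;  Expires = $now.AddDays(-3) }
    [pscustomobject]@{ Name = 'retired';      Enabled = $false; Expires = $now.AddDays(5) }
)
$sample | Select-ExpiringCertificate -Now $now | Sort-Object DaysLeft | Format-Table

# Live use against a vault (the vault name is a placeholder):
# Get-AzKeyVaultCertificate -VaultName '<vaultname>' | Select-ExpiringCertificate
```

The objects the function emits can be passed to whatever mail step the web job uses; an empty result means nothing is within the window.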


