How to identify SSL certificate of about to expire which used in Web Application OR Service fabric explorer which stored on KeyVault as well

Jignesh Vala 61 Reputation points
2022-02-13T13:42:19.797+00:00

How we can Identify SSL certificate is about to expire, which used in Web Application OR Service Fabric Explorer which stored on KeyVault as well..

We faced some issue every year we are using SSL certificate on web application and when it's expired some time we forgot to change..

We need to first identify through Script OR PowerShell OR AZ-CLI if possible, and we are planning to send email before 15 days automatically through web job..

We saved this certificate on keyvault so if we can read data from keyvault and identify expiry date then also find for us..

Please suggest and provide some automate script which can identify SSL certificate expire date early..

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,327 questions
.NET CLI
.NET CLI
A cross-platform toolchain for developing, building, running, and publishing .NET applications.
339 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,009 questions
{count} votes

Accepted answer
  1. Siva-kumar-selvaraj 15,666 Reputation points
    2022-02-15T16:18:42.08+00:00

    Hello @Jignesh Vala ,

    Thanks for reaching out.

    To get notified about certificate life events such as expiration, you could leverage below either of features out of box which sends certificate notifications. Alternatively, you could also leverage PowerShell/CLI ( Get-AzKeyVaultCertificate -VaultName <vaultname> / az keyvault certificate list --vault-name ) cmdlets but you had to build own logic to filter dates and send notification accordingly also these scripts required base platform to execute cmdlets.

    Built-in features:

    • Get notified about certificate expiration using Certificate contacts feature, which contains contact information to send notifications triggered by certificate lifetime events. The contacts information is shared by all the certificates in the key vault. A notification is sent to all the specified contacts for an event for any certificate in the key vault.

    You can add using the Azure portal or the PowerShell cmdlet Add-AzKeyVaultCertificateContact. To learn more, refer : https://learn.microsoft.com/en-us/azure/key-vault/certificates/overview-renew-certificate#get-notified-about-certificate-expiration

    174561-image.png

    • Get notified about certificate expiration with Azure Event Grid: Event Grid is an eventing service for the cloud. the steps in this guide, you'll subscribe to events for Key Vault and route events to Automation. When one of the secrets in the key vault is about to expire (defined as 30 days before expiration date), Event Grid is notified

    Hope this helps.

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.