We replaced one of the monitors for Azure Management Certificates, and I had a few requests to share it with the public.
We disabled this monitor:
- Management Pack: Microsoft.SystemCenter.WindowsAzure
- Monitor System Name: Microsoft.SystemCenter.WindowsAzure.Subscription.Certificate.Monitor
- Monitor Display Name: Windows Azure Subscription Certificate Expiration Monitor
- Monitor Description: Windows Azure Subscription Certificate Expiration Monitor
- Alert Title: Management Certificates will expire soon
We didn't like that monitor for several reasons. First, it doesn't say which certificates. It just lets you know that one or more are expired or expiring. And it doesn't give us a way to filter out known certificates that we don't want to monitor. For example, we had a large number of self-signed certs "CN=Windows Azure Tools" which did not need to be monitored.
So we created a very simple, replacement management pack, which I'm attaching to this post. It has one class, one relationship, one discovery, one monitor type (two alerts, one at 30 days and one at 7 days), and overrides the previously mentioned monitor.
The new class, Microsoft.SystemCenter.WindowsAzure.ManagementCertificate, has a separate instance for each certificate for each Azure subscription. So you can get separate alerts for separate certificates. Also, since the discovery is in PowerShell, in an unsealed MP, you can easily edit the logic to exclude certificates you don't want. Here's what we did:
If ( $myCert.Subject -ne 'CN=Windows Azure Tools' )
$myTimeSpan = New-TimeSpan $(Get-Date) $myCert.NotAfter
$DaysRemaining = $myTimeSpan.Days
$sInst = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.SystemCenter.WindowsAzure.ManagementCertificate']$")
Obviously this is not an officially supported MP, so use at your own risk.
Download the Management Pack here: ManagementCertificates