One of the best parts of TechEd was getting to talk with customers who are using Operations Manager and had a specific question that they were looking for a resolution to. One of these conversations that I had was around how to monitor certificates and provide a notification of when they will expire beyond the three week default timeframe. I spent a little time digging into this and found that the community has a management pack available which could assist with this question.

It’s available from SystemCenterCentral at: http://www.systemcentercentral.com/pack-catalog/pki-certificate-verification-mp/

The default certificate expiration is set to 21 days. However, this can be changed via an override as shown below. This is set on the Certificate lifespan monitor by changing the Lifetime threshold as shown below.

A sample alert is shown below:

The certificate has expired on 31.15.2002 09:00. Certificate Name: Microsoft Windows Hardware Compatibility Serial number: 198b11d13f9a8ffe69a0 Certificate store: Intermediate Certification Authorities

Lifetime threshold (days)

Default: 21 days

Calculates how many days are left until the certificate expires by evaluating the ‘Valid to’ property of a certificate

Summary: If you are looking for a way to get an alert more than three weeks before your certificate expire, you may want to check out the SystemCenterCentral pack available at http://www.systemcentercentral.com/pack-catalog/pki-certificate-verification-mp/. Once it is added you can change the default behavior by setting an override on the Lifetime threshold field.