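/// <summary>
/// Logs an inventory of the unexpired LocalMachine certificates that match the probe's
/// find criteria, marking each one whose issuer string contains <c>v1IssuerPrefix</c>
/// as "at risk" and reporting the total number of such certificates.
/// </summary>
/// <param name="state">
/// The <c>CertificateProbe</c> that supplies the logger, store name and find settings.
/// It is cast unconditionally, so any other type raises <see cref="InvalidCastException"/>.
/// </param>
/// <remarks>
/// The <c>object state</c> signature suggests this runs as a timer or thread-pool callback
/// (not confirmed from this method alone). An exception escaping such a callback is
/// typically fatal to the process, so the formatting below must not throw on unusual
/// certificate contents.
/// </remarks>
public static void CertificateInventoryCallback(object state)
{
    // Last 16 hex digits of a fresh GUID; only used to group the log lines of one pass.
    string correlationId = Guid.NewGuid().ToString("N").Substring(16);
    CertificateProbe typedState = (CertificateProbe)state;

    typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | === beginning local certificate inventory; finding matches for {typedState.localFindType_}={typedState.localFindValue_} in {StoreLocation.LocalMachine}\\{typedState.localStore_}");

    var matchingCerts = CertExplorer.FindMatchingCertificates(
        StoreLocation.LocalMachine,
        typedState.localStore_,
        typedState.localFindType_,
        typedState.localFindValue_,
        secondaryFindValue: string.Empty,
        doTakeMostRecentOnly: false,
        excludeExpiredCerts: true);

    int countAtRisk = 0;
    foreach (var cert in matchingCerts)
    {
        var isLinked = CertExplorer.IsLinkedCertificate(cert, out string linkedToTP);
        var renewalTP = isLinked && !String.IsNullOrWhiteSpace(linkedToTP) ? linkedToTP : "(none)";

        // NOTE(review): this is an ordinal substring match anywhere in the issuer DN, not an
        // anchored prefix match, and it relies on the name the certificate itself carries
        // rather than on a validated chain. Adequate for an inventory log; confirm before
        // reusing the result for any trust decision.
        var isAtRisk = cert.Issuer.Contains(v1IssuerPrefix);

        var certCN = cert.GetNameInfo(X509NameType.SimpleName, forIssuer: false);
        var certIssuerCN = cert.GetNameInfo(X509NameType.SimpleName, forIssuer: true);

        // The description is already fully interpolated. It used to be passed through
        // String.Format as well, which re-parsed it as a composite format string: a '{' or
        // '}' in a certificate name then raised FormatException (or "{{" collapsed to "{"),
        // so the contents of the store could abort the inventory pass.
        // NOTE(review): NotBefore/NotAfter are local-time values rendered with the current
        // culture's short date pattern, while the line prefix is UTC.
        var certDesc = $"TP={cert.Thumbprint}, CN={certCN}, issued by: {certIssuerCN}, NBF={cert.NotBefore.ToShortDateString()}, NA={cert.NotAfter.ToShortDateString()}, renewal={renewalTP}, at risk: {(isAtRisk ? "YES" : "no")}";

        typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | cert probe | match: {certDesc}");

        if (isAtRisk)
        {
            countAtRisk++;
        }
    }

    typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | === completed local certificate inventory; certs at risk: {countAtRisk}");
}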
/// <summary>
/// Builds a timestamped log file path in the current working directory, checks that
/// <paramref name="probeConfig"/> is a <c>ProbeConfig</c>, then creates a
/// <c>CertificateProbe</c> and calls its <c>EndlessRun</c>, disposing the probe afterwards.
/// </summary>
/// <param name="probeConfig">Configuration object; must be a <c>ProbeConfig</c> instance.</param>
/// <exception cref="ArgumentException">
/// <paramref name="probeConfig"/> is null or is not a <c>ProbeConfig</c>.
/// </exception>
private static void DoProbe(Config probeConfig)
{
    // "u" renders as "yyyy-MM-dd HH:mm:ssZ"; removing ':', '-' and ' ' leaves
    // "yyyyMMddHHmmssZ", which is safe to use inside a file name.
    var stamp = DateTime.UtcNow.ToString("u")
        .Replace(":", "")
        .Replace("-", "")
        .Replace(" ", "");

    // NOTE(review): the log lands wherever the process's working directory happens to be,
    // and the separator is a hard-coded backslash. Confirm that directory is writable only
    // by the account running the probe, since the log records certificate thumbprints and
    // subject names.
    var logFileName = $"{Directory.GetCurrentDirectory()}\\CertificateProbe-{stamp}.log";

    if (!(probeConfig is ProbeConfig typedConfig))
    {
        throw new ArgumentException($"{nameof(probeConfig)} is not of expected ProbeConfig type");
    }

    using (var probe = new CertificateProbe(typedConfig, logFileName))
    {
        probe.EndlessRun();
    }

    // Commented-out named arguments kept from the original; they look like sample values
    // for a CertificateProbe constructor overload - confirm before relying on them.
    //localCertStoreName: "my",
    //localCertFindType: X509FindType.FindBySubjectName,
    //localCertFindValue: "WinFabric-Test-SAN1-Alice",
    //serverUri: "sftestinfra-dev3.westus.cloudapp.azure.com",
    //port: 19080,
    //TimeSpan.FromSeconds(10.0),
    //logFileName))
}