What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

PRTG Custom Sensor Powershell script with openssl, wrong output

Votes:

0

Hello, I created a powershell script to monitor a FTPS Server SSL Certificate. Openssl is installed on the probe server and running the script in powershell gives the correct output, however PRTG always gets the code 2 which I use for "Check Failed". I'd be thankful if anyone can point out the issue here.

Script:

param ($server, $port)

$target = -join($server, ":", $port)

$check = (Write-Output "Q" | openssl s_client -connect $target -CAfile c:\cacert.pem -starttls ftp -verify_quiet | openssl x509 -enddate -noout -checkend 2592000)

$returncode = 2

if ($check -contains "Certificate will expire"){

    $returncode = 1

}

if ($check -contains "Certificate will not expire"){

    $returncode = 0

}

$returndescription = switch($returncode) {

    2 {"Check Failed"}

    1 {"Warning, will expire within 30 days or less"}

    0 {"Success, will not expire soon"}

}

"<prtg>"

   "<result>"

   "<channel>Code</channel>"

   "<value>$returncode</value>"

   "</result>"

   "<text>$returndescription</text>"

   "<text>$check</text>"

"</prtg>"

Powershell output: 

PS C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML> ./ftpzertifikat.ps1 ftp.servername.de 21

220 SERVERNAME FTP Server

DONE

<prtg>

<result>

<channel>Code</channel>

<value>0</value>

</result>

<text>Success, will not expire soon</text>

<text>notAfter=Dec 30 23:59:59 2023 GMT Certificate will not expire</text>

</prtg>

openssl powershell prtg sensor

Created on Jan 25, 2023 2:51:12 PM

Last change on Jan 26, 2023 7:07:58 AM by Felix Wiesneth [Paessler Support]



2 Replies

Accepted Answer

Votes:

1

Hi there,

Did you already check the debug files from PRTG when you enable Store Result in the sensor settings? I would assume that following does not work properly: 

$check = (Write-Output "Q" | openssl s_client -connect $target -CAfile c:\cacert.pem -starttls ftp -verify_quiet | openssl x509 -enddate -noout -checkend 2592000)

and therefore the returncode still is 2.

Kind regards

Felix Wiesneth - Team Tech Support

Created on Jan 27, 2023 6:52:44 AM by Felix Wiesneth [Paessler Support]



Votes:

0

@Felix Wiesneth

Thanks, the logs showed that $check was empty. For some reason openssl was not found even though it is in the system variable $PATH, hardcoding the path to openssl.exe was the solution.

$check = (Write-Output "Q" | .'C:\Program Files (x86)\OpenSSL-Win32\bin\openssl' s_client -connect $target -CAfile c:\cacert.pem -starttls ftp -verify_quiet | .'C:\Program Files (x86)\OpenSSL-Win32\bin\openssl' x509 -enddate -noout -checkend 2592000)

Created on Jan 27, 2023 9:08:56 AM

Last change on Jan 27, 2023 11:20:08 AM by Felix Wiesneth [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.