Windows Certificate Monitoring in SCOM.
I believe nowadays it's very common to use certificates for secure communication, including SCOM.
It's surprising we don't have any Mgmt Pack to monitor the same. However, we have third-party mgmt. packs already, but none is certified yet. I believe there should be a certified Mgmt Pack.
Please upvote this idea and leave comments, so we know that many customers would be benefitted by this MP.
This need goes way back, so I think it would be really good to have an MP released directly by Microsoft.
Onkar Ghosh commented
We are using the third-party PKI certificate MP in our environment and what we observed is all the certificates in the certificate store are not discovered for monitoring. There should be an MP release by MS which will give a more rigid solution on certificate monitoring.
We use the community-driven PKI MP, but it has some issues. It would be great if MS put its resources to develop a more solid and supported solution.
Jacob Fjeldsted commented
A new version of the Third Party solution has been released Nov 11, 2019
I agree that there needs to be a certified/supported MP for monitoring certificates. Why does it seem like minimal development occurs for on-prem products these days? Anytime I reach out to our rep we get directed to use an Azure solution that we don't own, which adds cost, and doesn't offer feature parity, so we then would end up having to pay for 2 solutions. Doesn't make sense to me...
And what about Linux certificate expiration dates?
This is a big area of need for major corporations with large environments. Relying on a 3rd party/community MP that may or may not get updated is not an enterprise option.
Rick Bywalski commented
I was using the 3rd party one listed on SCOM 2016 1801 with no issues. Monitoring certificate health is very important in this day and age as many applications use them. At my previous employer we had multiple outages due to certs expiring before I found and installed that MP. After it was installed there was a huge drop in outages due to expired certs. The only ones that happened were if people missed/ignored the alert or the server was in an OU that I was told not to monitor any machines in. When those happened they got pulled into monitoring as well.
It does NOT work in SCOM 2016+
Panos Mavridakis commented
We need an Administration section for all the certificates we produced for the installation of agents (e.g. different domains) and to monitor all the certificates on the servers (expiration date, etc.).