The ‘PKI Addendum pack’ is a tricky pack, due to certificate hierarchy. The decisions included are part of the three pillars – health, Security, Compliance, as well as alerting WHEN manual intervention required.
QUICK DOWNLOAD https://github.com/theKevinJustin/PKIAddendum
The PKI pack provides discoveries of the server certificate stores to then analyze certificates for validity, chain, and expiration. The v1.4.3.0 release adds some task logic and script changes that helps discover more stores, trusted root, etc.
WHAT CAPABILITIES DOES THE ‘PKI ADDENDUM PACK’ PROVIDE?
Set timeframe for certificate per organizational standards.
Break out different expiration alerts based on internal/external certificate, or by AD Client Certificate enrollment templates (to build out the manual intervention required scenario when alerts are generated).
Create groups breaking out application self-signed, PKI certificates.
Separate RDP Auth, Domain Controller, Computer, and OCSP certificates.
If this sounds interesting, and you want to dabble in XML authoring…
Download the pack from GitHub to improve PKI monitoring on Windows Servers.
Additional screenshots of addendum components
Addendum pack creates multiple groups to break out various types of certificates that have different decisions/behaviors requiring unique timing
Groups
Discoveries
Leverage dynamic groups based on server name and EnhancedKeyUsageList (EKU) list
Overrides
Change PKI pack default discoveries, lifetime threshold expirations and more
DOCUMENTATION AND LINKS
Addendum requires the PKI Certificate MP release v1.4.3.0 download
Bob’s TopQuore blog
