There are multiple ways to get SSL Certification expiry details/alert. We all know if our SSL certificate get expire, how critical situation will be. So its always best to know before our certificate get expire, so that we can take necessary action on it, and replace with new one. This solution is mainly concentrating on your SSL certificates it will notify you before 30 days. Make sure you have active azure subscription with at-least contributor rights.
Mainly we will be using 3 components from Azure to implement this solution.
1.1. Configure Log analytics.
Once Log analytics created go to the resource and click on Agents Tab.
And from right hand side expand the Log analytics agent instruction, you will get workspace ID and Primary Key. Please copy it we will be using in Automation variable.
Got to IAM and Add Role Assignment to logic app (Managed Identity) as “Log Analytics Reader” Role.
2. Create Automation Account:
From home page, left top corner click create a resource. And search for automation account. and click on it.
Select the automation account click Create.
Fill the basic details as mentioned below.
And Rest other Tabs leave as default. Hit Review + Create.
2.1. Automation account Configuration:
Once automation account created, go to automation account, and click on Variable tab.
And create variable with Name WorkspaceID and WorkspacePrimaryKey and the copied values from step 1. Respectively.
Now go to run book --> create a new Runbook and fill the details as mentioned below, then hit create.
Then copy the PowerShell script from Link and paste it here. And update the URLs Array very first line with your URLs where you have SSL Certificates. Save and publish it.
Now click on Link to schedule.
Then Click on Schedule --> Add a schedule.
Name the Schedule “Every15days”
Select the Time zone and Recurring type. Click Create. Now your Schedule is created so every 2 week on Monday run script will run and push data into Log analytics.
Note: Manually once or twice run the workbook and test its not giving any error. And if run successful it will create data on log analytics for our test also.
3. Create Logic App (Consumption):
From home page, left top corner click create a resource. And search for logic app. and click on it.
Select the Logic App click Create.
Select the plan type as Consumption. And Click on Review + Create
3.1. Configure Logic App:
Go to Logic app and enable the System Managed Identity.
Go to your logic app and click Logic App Designer.
Add Recurrence as mentioned below. Every 2 week run on Tuesday, because Monday you will get data into log analytics and Tuesday logic app will fetch the data from log analytics.
Next add Run query and visualize results From Azure Monitoring Logs
Define all details as mentioned above. Query you can find it from the link.
Connection should be Managed Identity.
Next action add Send an email from Office365.
Authenticate using O365 mail ID and password it will create a connection.
Click on Body right hand side you will find Dynamic content attachment content and Attachment Name add it to body. Email@domain.com Replace this by email ID to whom you wanna send this alert.
Hit Save and run it.
