Monitoring a Windows Certificate Authority – Appliance

One of the best and quickest ways to monitor your certificates with CertMS is to set up a Certificate Authority Monitor. As with everything CertMS does, we want to be as passive as possible in our approach.

There are two steps to monitoring a CA with CertMS.

1. Tasks on CertMS Appliance

Within the CertMS Appliance web interface, go to Monitors -> CA Monitors.

Click “Add CA Monitor”.

Fill out all of the information about your Certificate Authority.

Note: Each Monitor can only do one Certificate Template. Create additional Monitors if you want to monitor multiple templates on one CA.

Once you have everything filled out, click Submit. Your CA will be saved and you will be taken back to the CA Monitors page.

Click on the “Download Monitor Script” button to download the PowerShell script.

This script will be used on the Issuing CA to perform step 2. You only need one script per issuing CA, so even if you are monitoring multiple Certificate Templates on a single issuing CA you only need one script.

2. On Issuing Certificate Authority

Copy the “camonitor.ps1” script to the Certificate Authority server you want to monitor.

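From an elevated PowerShell window on the Issuing Certificate Authority, change to the folder that holds the script and execute the command below to install the camonitor scheduled task. PowerShell does not run scripts from the current directory by bare name, so the ".\" prefix is required.

PS c:\Users\Mike> .\camonitor.ps1 -Install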

This command creates a new scheduled task on the server that will run every 5 minutes. You are welcome to update this task to run more or less often if you would like.

The CA Monitor script is now installed and will start to send data to your CertMS Appliance.

A few troubleshooting items to keep in mind:

  • Your Issuing CA needs to trust the HTTPS certificate that CertMS is using.
    • You can accomplish this by updating your CertMS HTTPS certificate with one from your own Certificate Authority.
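
One way to check this trust requirement from the Issuing CA, as an added example (not part of the CertMS documentation or of camonitor.ps1): the function name Test-ApplianceTlsTrust and the host name certms.example.internal are assumptions, so substitute your appliance's address.

```powershell
# Added example. Run on the Issuing CA; the host name at the bottom is a placeholder.
function Test-ApplianceTlsTrust {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $state = @{ Cert = $null; Errors = $null }
    # Diagnostic only: let the handshake finish so the presented certificate can
    # be inspected, and record what Windows' own validation reported. No data is sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($s, $cert, $chain, $policyErrors)
        $state.Cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert)
        $state.Errors = $policyErrors
        $true
    }.GetNewClosure())

    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # also sends the name for SNI
        $ssl.Dispose()
    } finally {
        $tcp.Dispose()
    }

    # Rebuild the chain against this machine's trust store for per-element detail.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    # Assumption: skip revocation so the result reflects trust, not CRL reachability.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $null = $chain.Build($state.Cert)

    [pscustomobject]@{
        Subject      = $state.Cert.Subject
        Issuer       = $state.Cert.Issuer
        NotAfter     = $state.Cert.NotAfter
        Thumbprint   = $state.Cert.Thumbprint
        PolicyErrors = $state.Errors   # 'None' means this server trusts the appliance
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Trusted      = ($state.Errors -eq [System.Net.Security.SslPolicyErrors]::None)
    }
}

Test-ApplianceTlsTrust -HostName 'certms.example.internal'
```

A PolicyErrors value of RemoteCertificateChainErrors points to a missing or untrusted issuer on the CA server, while RemoteCertificateNameMismatch means the appliance is being reached by a name that is not in its certificate.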