I know this is a community MP that has no real support, but I also know that a LOT of SCOM Admins are leveraging this MP (because it has an advantage over the Microsoft offering, due to its neat feature to be able to disable monitoring of specific Certs via console tasks).
The issue I have is that the MP discovers and monitors CA Certificates just fine, and the Certificate Lifespan monitor will alert when those certs reach Expiry thresholds. The resultant alerts are nice, and show all the pertinent Certificate information in the Alert Description (like Certificate Subject, Certificate Issuer etc etc).
BUT…when you enable the MP Discoveries for Self-Signed Certs, the Alert Description for the same monitor fails to translate the Certificate properties. You’ll get an Alert Description that looks like this:
What I can’t fathom is why this is happening. The Class for a Self-signed Cert (SystemCenterCentral.Utilities.Certificates.SelfSignedCertificate) is a child class of the base class "SystemCenterCentral.Utilities.Certificates.Certificate", and so inherits the same properties (which can be seen for any Self-signed Cert in PowerShell by using the Get-SCOMClassInstance command). So why is the Monitor failing to resolve the following parameters when it is a Self-Signed Cert?
Alert Description Parameters from the Certificate Lifespan monitor:
The certificate $Data[Default='_no_CertLifeTimeMessage']/Context/Property[@Name='CertLifeTimeMessage']$.
Certificate Subject: $Target/Property[Type="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedTo$
Certificate Issuer: $Target/Property[Type="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertIssuedBy$
Certificate Valid to: $Target/Property[Type="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertValidTo$
Serial number: $Target/Property[Type="SystemCenterCentral.Utilities.Certificates.Certificate"]/CertSerial$
Enterprise Template: $Target/Property[Type="SystemCenterCentral.Utilities.Certificates.Certificate"]/TemplateName$
Enhanced Key Usage List: $Target/Property[Type="SystemCenterCentral.Utilities.Certificates.Certificate"]/EnhancedKeyUsageList$
Store: $Target/Host/Property[Type="SystemCenterCentral.Utilities.Certificates.CertificateStore"]/StoreProvider$$Target/Host/Property[Type="SystemCenterCentral.Utilities.Certificates.CertificateStore"]/StoreType$$Target/Host/Property[Type="SystemCenterCentral.Utilities.Certificates.CertificateStore"]/CertStoreID$
Chain Time Details:
$Data[Default='']/Context/Property[@Name='CertVerboseTimeStatus']$
If I understood why this was happening, I might be able to set up an Alert override that used diff parameters / paths for the Alerts, when the target is a Self-signed Cert…