[英]Alert for Azure App Service Environment SSL cert expiration
My question is simple:我的问题很简单:
Has someone figured out a way to be alerted when their App Service Environment (ASE) ILB certificate is about to expire?有人想出一种方法可以在他们的应用服务环境 (ASE) ILB 证书即将到期时收到警报吗? I have set up alerts for SSL certificates associated with my other Azure resources but am having difficulties specifically figuring this out with Azure ILB ASEs.我已经为与我的其他 Azure 资源相关联的 SSL 证书设置了警报,但是我很难用 Azure ILB ASE 解决这个问题。 It doesn't help that these certs are good for a year so attempting to "remember" is going to cut it.这些证书有效期一年无济于事,因此尝试“记住”会减少它。
Please check if my findings helpful :请检查我的发现是否有帮助:
As per the research, Yes - we can monitor the SSL Certificates Expiration and get alerts using the Azure Monitor .根据研究,是的 - 我们可以监控 SSL 证书到期并使用 Azure 监视器获取警报。
I didn't find any official documents related to Azure Monitor - Creating alerts to SSL Certificates Options.我没有找到任何与 Azure Monitor - Creating alerts to SSL Certificates Options 相关的官方文档。
Here is a blog article which shows you workarounds about How to create an alert for SSL certificate expiry using Azure Monitor along with the result.这是一篇博客文章,其中向您展示了有关如何使用 Azure Monitor 为 SSL 证书到期创建警报以及结果的解决方法。
You can also use PowerShell-based solutions that alerts based on cert expiry date.您还可以使用基于 PowerShell 的解决方案,根据证书到期日期发出警报。 Here are some references for that:以下是一些参考资料:
You can make use of Azure App Service Certificates feature in the Azure for the websites where you can switch on the certificate's renewal automatically.您可以使用 Azure 中的 Azure App Service Certificates 功能为您可以自动打开证书更新的网站。 For more information, please refer this documentation .有关详细信息,请参阅此文档。
I'll leave this here, after spending a few hours to run this across all app services, it's brute force but you can run it from a logic app on schedule, etc and send administrative email, etc.我会把它留在这里,在花了几个小时在所有应用程序服务上运行它之后,它是蛮力,但你可以按计划从逻辑应用程序运行它,然后发送管理 email 等。
# Connect to your Azure subscriptions
Connect-AzAccount
# Get current date
$currentDate = Get-Date
# Get all the subscriptions
$subscriptions = Get-AzSubscription
# Iterate through each subscription
foreach ($subscription in $subscriptions) {
# Select the current subscription
Select-AzSubscription -SubscriptionId $subscription.Id
# Get all the web apps
$webApps = Get-AzWebApp
# Iterate through each web app
foreach ($webApp in $webApps) {
# Get a list of all SSL certificates on the web app
$sslCertificates = Get-AzWebAppCertificate -ResourceGroupName $webApp.ResourceGroup # -Name $webApp.Name
# Iterate through each SSL certificate
foreach ($sslCertificate in $sslCertificates) {
# Get the certificate expiration date
$expirationDate = $sslCertificate.ExpirationDate
# Get the timespan between the current date and the expiration date
$timeSpan = $expirationDate - $currentDate
#Write-Host "Web App: $($webApp.Name) cert expires in $($timeSpan.TotalDays)"
# Check if the certificate is expiring in 2 months or less
if ($timeSpan.TotalDays -le 100) {
# Print the name, resource group and expiration date of the web app and slot that is using the certificate
Write-Host "Web App: $($webApp.Name) Resource Group: $($webApp.ResourceGroup) Thumbprint: $($sslCertificate.Thumbprint) Expiration Date: $($sslCertificate.ExpirationDate)"
}
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.